Configuring Jira connector credentials using Jira Cloud API service account

Summary

This article covers configuring the Jira connector credentials using the new Jira Cloud API service account.

Prerequisites

  • Jira Organization admin access to Atlassian Administration

  • Jira Align administrator

Solution

Create a Jira service account

Service accounts are created in Atlassian Administration and are not provisioned via IdP. An email and account ID are auto-generated; email cannot be changed later.

  1. In Atlassian Administration, select the organization you want to create the service account.

  2. Navigate to Directory > Service accounts, then select Create a service account.

  3. Provide a name (6–30 alphanumeric chars) and optional description.

  4. Select Jira app role for service account. App: Jira (not to be confused with Jira Administration) Roles: User

    image of Jira align select app role for service account sc

  5. Add to appropriate groups that grant the least-required permissions.

    Tip: Place the service account in a dedicated group (for example, “jira-connector-svc”) and manage all project/issue permissions via this group to simplify auditing and offboarding.

  6. Select Create.

Create the API token

  1. Select the service account you just created

  2. Select Create credentials

  3. Select API Token as authentication type

  4. Enter the name of the API token

  5. Set the expiry date (Tokens can last no longer than 365 days)

  6. Select token scopes

    • Set the following filter:

      1. App: Jira

      2. Scope Actions:

        • Read

        • Write

        • Manage

    • Select the following scopes:

      1. Classic

        • manage:jira-project

        • read:jira-user

        • read:jira-work

        • write:jira-work

      2. Granular

        • read:board-scope:jira-software

        • read:board-scope.admin:jira-software

        • read:issue-details:jira

        • read:jql:jira

        • read:project:jira

        • read:sprint:jira-software

        • write:board-scope:jira-software

        • write:epic:jira-software

  7. Select Next

  8. Review your API token, and the SCOPES should like like the following below:

    Image of Jira align API token Scopes

  9. Select Create

  10. Copy API token

Grant minimum Jira permissions

Align the service account’s permissions with what the connector needs to do:

  • Read-only integrations: Browse projects, View issues, View sprint/board info

  • Read/write integrations: Add/edit issues, transitions, comments, work logs (as needed)

  • Jira Software features: Board/sprint read access and board-scope writes if creating boards/epics/sprints

Avoid site-admin or organization-admin roles for service accounts. Apply least privilege and restrict to required projects. Please refer to Jira integration prerequisites.

Configure Jira connector using API service account

Cloud IDs are stable identifiers for a site. If you connect multiple Jira sites, retrieve the Cloud ID per site and configure a separate connector entry for each.

Important to take note of the Jira API URL endpoint when using the Jira service account. This is different from the Jira API endpoint used for a non-service account API credential.

  1. Determine your Jira cloud ID by running this in your browser: https://<Jira Cloud URL>/_edge/tenant_info

  2. Copy the CloudID.

  3. In Jira Align, select Settings > Jira Settings > Jira Connectors

  4. Enter the following: Jira Link: https://<Jira Cloud URL>/browse/{external} Name: Provide a name of the connector Jira API URL: https://api.atlassian.com/ex/jira/<cloudid from step 2> Authentication Type: API service account token Authentication Jira Username: Enter the email of the service account created Jira API token: Enter service account API token.

    Manage Jira Connectors screen

  5. Select Save > Activate

Related references

Updated on November 12, 2025
App
Jira Align Cloud
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community