Jira – Setting up OAuth 2.0 email authentication in Azure

Posted: September 14, 2021 in Azure

Google and Microsoft are planning to deprecate Basic Authentication, as a response, Atlassian offer OAuth2 authentication.Please note that JIRA URL needs to be accessible from the internet so Azure can contact Jira.

Creating Azure Application registration

  1. In Azure portal go to Active Directory – App registrations – New registration

2.Type name,Account type:Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) – click register

3.Copy Application (client) ID to notepad (will be used later on)

4. Click Api Permissions – Microsoft Graph – Add permissions – Delegated permissions

Add following permissions:

OpenId permissions: offline_access
IMAP: IMAP.AccessAsUser.All
POP: POP.AccessAsUser.All

Click “Grant admin consent”

5. Click Certifcates & Secrets – New Client Secret – Give name and set validity period – Copy secret to notepad

JIRA configuration

6.Log in to Jira – System – OAuth2 – Add new integration


Client ID: from step 3

Secret: from step 5

Scopes: https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All and offline_access

Copy redirect URL

7. Go back to Azure app registration created in step 1 – Overview – Add a Redirect URI

Add platform – Web

Paste URL from step 6

Go back to JIRA and click Test connection,

if successfull:

8. Navigate to Administration > System > Incoming Mail

Click on Add mail server
At the “Service Provider” field, let’s pick up Microsoft Exchange Online / Outlook (IMAP)
At the “Username” field, insert the email address being used by Jira
At the “Authentication method” field, select the new server created under the OAuth 2.0 menu
Click on Authorize
Click on Test Connection
Click on Save

If test fails turn on debug logs

9.Navigate to Administration > System > Logging and profiling

Under “Default Loggers” section, click on Configure logging level for another package

  • At the “Package name” field, insert com.atlassian.jira.mail.settings.MailSetting
  • At the “Logging Level” dropdown, select DEBUG
  • Click on Add
  • Under “Default Loggers” section, click on Configure logging level for another package
  • At the “Package name” field, insert com.atlassian.plugin.remotable.plugin.module.oauth.OAuth2LOAuthenticator
  • At the “Logging Level” dropdown, select DEBUG
  • Click on Add
  • Replicate the issue

Create support.zip file

From support.zip file, open atlassian-jira.log file and check for errors

Adding shared mailboxes

If Jira is using shared mailboxes, delegate full control over mailbox to email account.

Add new email server in JIRA, specify shared mailbox username – click Authorize and then specify delegated email credentials

  1. Mauricio says:

    Hello! I get this error, do you have any idea?
    /rest/applinks/3.0/status/b71ce3e8-46ab-3bce-ae49-7c134f25b8e5 [c.a.a.i.migration.remote.TryWithCredentials] You do not have an authorized access token for the remote resource.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s