Jira Cloud
Add Jira Cloud to vScope
Section titled “Add Jira Cloud to vScope”vScope connects to Jira Cloud using Basic Auth (username + API token). The username is the account email.
Create a service account and API token
Section titled “Create a service account and API token”- Go to admin.atlassian.com.
- Select Directory -> Service Accounts -> Create a Service Account.
- Enter a name like
vScope. - Under App roles, select role User for Jira, Projects, and Goals.
- Select Create credentials, choose API token, enter a name, and set an expiry as far ahead as possible.
- Select the required API scopes (see Required API token scopes) and create the token.
- Copy the token now, because it will not be shown after this step.
- In vScope, enter the service account username and its API token when creating the Jira Cloud credential.
Inventory visibility is limited by the permissions of the service account.
Create a group for the service account
Section titled “Create a group for the service account”Create a group so you can assign the required global permission later:
- Go to admin.atlassian.com.
- Select Directory -> Groups -> Create group.
- Enter a name like
vScope Service Accountsand create the group. - To add the service account to the group, go to Directory -> Service Accounts, open the service account, then use the … menu to select Add to group and choose the group you created.
Required Jira permissions
Section titled “Required Jira permissions”Listing users and groups requires the global permission Browse users and groups. In Jira admin settings, go to Security -> Global permissions, then grant Browse users and groups to the service account group that the service account is part of.
Required API token scopes
Section titled “Required API token scopes”For a complete inventory, the API token must include these scopes.
read:accountread:jira-userread:jira-workread:avatar:jiraread:group:jiraread:user:jira
For partial inventory, see the permission requirements listed in the Jira Cloud credential in vScope.
Find the API base URL
Section titled “Find the API base URL”- Open your Jira site in a browser. The URL looks like
https://<your-site>.atlassian.net. - Open
https://<your-site>.atlassian.net/_edge/tenant_infoto find your cloud ID. - Copy the value of
cloudIdfrom the response, for example:
{"cloudId":"c1bfd74b-1234-4f5a-96b1-abcdef123456"}- Build the API base URL using the gateway format
https://api.atlassian.com/ex/jira/<cloudId>. For example:https://api.atlassian.com/ex/jira/c1bfd74b-1234-4f5a-96b1-abcdef123456
Add the Jira Cloud credential in vScope
Section titled “Add the Jira Cloud credential in vScope”- Navigate to Discovery > Credentials.
- Click Create credential and choose Jira Cloud.
- Enter the API base URL in Base URL.
- Enter the service account email in Username.
- Enter the API token in Password.
Inventory settings
Section titled “Inventory settings”Configure inventory in Discovery > Inventory settings:
Accounts: enable or disable user inventory.Groups: enable or disable group inventory.Work Items: enable or disable work item (issue) inventory.Project keys to include: limit work item inventory to specific project keys.Statuses to include: limit work item inventory to specific statuses.Statuses to exclude: exclude work items with specific statuses.
Troubleshooting
Section titled “Troubleshooting”Authentication errors
Section titled “Authentication errors”If you see 401 Unauthorized, confirm the API token is valid and matches the service account in Username.
If you see 403 Forbidden when listing users or groups, confirm the service account group has Browse users and groups and the API token includes the required scopes.
Email visibility
Section titled “Email visibility”If user emails are missing, Jira profile visibility settings are hiding them. For Jira, hidden fields are omitted from the user response. For Confluence, hidden fields are returned as empty strings.
To include emails in inventory, ask users to set Email address visibility to Public in their Atlassian profile.