Step-by-step deployment guide
This version of the gateway is currently compatible with Elimity Insights server versions matching 3.43.x.
1. Setting up a dedicated user in Jira Data Center
As usual, we recommend creating a dedicated user in Jira Data Center for this connector. Don't assign any groups for this user yet, we'll cover that in the next step. Either way, refer to the official documentation for additional information about creating users in Jira Data Center. Having created a new dedicated user, we can now use it to log in and generate a personal access token. Again, the official documentation provides more details on how to do this. Note down the generated token.
2. Setting up a dedicated group in Jira Data Center
To assign the minimal required global permissions in Jira Data Center, we also recommend creating a dedicated group. More specifically, we recommend following these steps:
Grant the following global permissions to the newly created group:
Jira administrators
Browse users
3. Configuring the gateway
To configure your gateway, mount an JSON configuration file at /app/config/config.json with the properties listed below. Refer to the following attachment for a starting point:
Edit the following properties in this file to configure the gateway to your needs:
jwtValidationAudiences
option[list[string]]
Audiences for JWT validation, defaults to ["gateway"]
jwtValidationBaseUrl
string
Expected Elimity Insights base URL for JWT validation, e.g. "https://example.elimity.com"
jwtValidationGatewayUrl
string
Expected gateway URL for JWT validation, e.g. "https://gateway.example.com"
jwtValidationIssuer
option[string]
Issuer for JWT validation, defaults to "https://auth.elimity.com/"
jwtValidationExpr
option[string]
Expr program implementing JWT custom claim validation, defaults to "claims.base_url == baseURL && claims.gateway_url == gatewayURL && claims.source_id == sourceID"
jwtValidationOptional
option[boolean]
Flag indicating whether JWT validation is optional, defaults to false
jwtValidationSourceId
string
Expected source id for JWT validation, e.g. "42"
personalAccessToken
string
Token you noted down in step 1
restApiBaseUrl
string
Base URL of your Jira Data Center instance's REST API, e.g. https://jira.example.com/rest
JWT validation
We highly recommend requiring JWT validation to secure your gateway. Please read our official documentation about the following topics to understand how Elimity Insights authenticates to gateways via OAuth2:
Our SaaS customers can simply set the jwtValidationBaseUrl, jwtValidationGatewayUrl and jwtValidationSourceId configuration options, which provides the following security guarantees:
Only requests coming from the configured Elimity Insights tenant are allowed
Only requests targeting the configured gateway URL are allowed
Only requests for importing the configured source are allowed
On-premise customers should additionally set the jwtValidationAudiences, jwtValidationIssuer and jwtValidationExpr configuration options. Alternatively you can also set jwtValidationOptional to true and perform authentication in a proxy instead.
4. Deploying the gateway
Having configured the gateway we can now deploy it so the built-in connector can start importing. Since we distribute the gateway as a Docker image, our recommendation for deployment is to use a CaaS solution like Google Cloud Run or Azure Container Apps. If that's not an option, you can also manually deploy the image on e.g. Windows Server. Refer to our documentation about gateways and import agents for additional details.
Last updated