Jira Service Management

1. Navigate to your Jira instance
2. Go to Apps >Find new apps (or Manage apps)
3. Search for "BeyondTrust Privileged Remote Access"
4. Click Install and follow the prompts
5. Wait for the installation to complete

The integration requires a field in your Jira issues to associate tickets with assets. This can be either:

• An Asset field that links to assets from the Jira Assets module
• A custom text field where asset names are manually entered

Option A: Using Jira Assets Field

If you are using Jira Service Management with the Assets module:

1. Navigate to Project settings > Issue types
2. Select the issue types you want to use with this integration (e.g., Incident, Service Request)
3. On the issue type, click Fields
4. Add or ensure an Assets field is present
5. Note the field name for configuration (typically something like "Assets" or "Configuration Items")

Option B: Using Custom Text Field

If you prefer to use a simple text field:

1. Navigate to Project settings > Fields
2. Click Create field or follow Atlassian's documentation
3. Create a field with the following properties:
   • Field Type: Short text (single line) or Assets
   • Name: Asset Name (or your preferred name)
   • Description: Name of the asset to connect via BeyondTrust PRA
4. Associate the field with appropriate screens and issue types
5. Note the field name for later configuration

1. In /login, navigate to Management > API Configuration
2. Verify that Enable XML API is checked
3. If not enabled, check the box and click Save

1. In /login, navigate to Management > API Configuration
2. Click Add
3. Configure the following settings:
   • Enabled: ✅ Check to enable
   • Name: Jira Integration API (or your preferred name)
   • OAuth Client ID: This will be auto-generated; save this for Jira configuration
   • OAuth Client Secret: This will be auto-generated; save this for Jira configuration
4. Under Permissions, check the following:
   • Command API: Full Access
   • Reporting API: Allow Access to Access Session Reports and Recordings
5. Click Save at the top of the page

ℹ️

Keep the OAuth Client ID and OAuth Client Secret secure. You need these values when configuring the Jira app.

1. In /login, navigate to Management > Outbound Events
2. Click Add
3. Configure the following settings:
   • Name: Jira Session End (or your preferred name)
   • URL: This will be provided in the Jira app configuration page (see Configure the Jira app )
   • Events to Send: ✅ Check Access Session End
   • Enabled: ✅ Check to enable
4. Click Save

1. In /login, navigate to Console Settings > Custom Links
2. Click Add
3. Configure the link:
   • Name: View Jira Ticket (or your preferred name)
   • URL: https://example.atlassian.net/browse/%SESSION.CUSTOM.EXTERNAL_KEY%
     • Replace example.atlassian.net with your actual Jira instance URL
     • The %SESSION.CUSTOM.EXTERNAL_KEY% macro will be replaced with the ticket ID
4. Click Save

1. In /login, navigate to Jump > Jump Policies
2. Under Ticket System, configure the following:
   • Ticket System URL: This is provided in the Jira app configuration page (see Configure the Jira app )
   • CA Certificate: Upload the CA certificate from your Jira instance (typically not required for Atlassian Cloud)
   • User Prompt: Enter a prompt such as "Enter your Jira ticket ID to proceed"
3. Click Save
4. Under the Jump Policies section, click Add to create a new policy, or click Edit next to an existing policy
5. Configure the Jump Policy:
   • Name: Enter a descriptive name (e.g., "Jira Approval Required")
   • Under Ticket System, check Require a ticket ID before a session starts
   • Configure other policy settings as needed for your environment
6. Click Save

ℹ️

The Jump Item must be configured to use this Jump Policy for the change management workflow to be enforced. The policy should be applied to Jump Items or Jump Groups that require approval.

After configuring the basic settings and clicking Save, the app will display two important URLs:

• Outbound Event URL: Use this in PRA's Outbound Events configuration (Step 3 in PRA configuration)
• Endpoint Approval URL: Use this as the Ticket System URL in PRA's Jump Policies (Step 6 in PRA configuration)

The app automatically validates the configuration when you click Save and display:

• ✅ Configuration Valid: All settings are correct and PRA is accessible
• ❌ Configuration Invalid: There is an error in the configuration; check the error message and verify:
  • Host Name is correct and accessible
  • Client ID and Client Secret are correct
  • PRA appliance is accessible from Jira over HTTPS

1. In PRA /login, navigate to Management > Outbound Events
2. Click Edit on the Jira Session End event you created earlier
3. Set the URL to the Outbound Event URL from the Jira app configuration page
4. Click Save

1. In PRA /login, navigate to Jump > Jump Policies
2. Under Ticket System, set the Ticket System URL to the Endpoint Approval URL from the Jira app configuration page
3. Click Save

1. Technician opens a Jira ticket (incident, service request, etc.)
2. The ticket has an asset associated via the configured asset field
3. Technician clicks the "…" menu (more actions) at the top right
4. Selects Jump to Asset with BeyondTrust PRA
5. A dialog appears with session information and a Jump to... link
6. If Use Web Rep Console is enabled:
   • Clicking the link opens a new browser tab to the PRA web console
   • The session automatically connects to the asset
7. If Use Web Rep Console is disabled:
   • A session file is downloaded
   • Opening the file launches the PRA Access Console
8. When the session ends, session data is automatically imported into the Jira ticket

1. User opens the PRA Access Console
2. User attempts to connect to a Jump Item that requires ticket validation
3. PRA prompts: "Enter your Jira ticket ID to proceed" (or your custom prompt)
4. User enters a Jira ticket ID (e.g., "SD-1234")
5. PRA sends an approval request to Jira with:
   • Ticket ID
   • User information (email, display name, username)
   • Target asset name (computer name)
6. The Jira app validates:
   • ✅ Ticket Exists: The specified ticket ID is valid
   • ✅ Ticket Active: The ticket is not in a closed/resolved/cancelled state
   • ✅ User Authorized: The requesting user matches the ticket's assignee (by email or name)
   • ✅ Asset Match (optional): The target asset name matches the ticket's associated asset
7. If all validations pass:
   • Approval is sent to PRA
   • Session proceeds normally
   • The ticket ID is linked to the session
   • Session data is imported to the ticket when complete
8. If any validation fails:
   • Denial is sent to PRA with a specific error message
   • Session is blocked
   • User sees the error message explaining why access was denied

The endpoint approval process performs the following checks:

• Ticket Lookup: Searches for the ticket by ticket ID (e.g., "SD-1234")
• Assignee Validation: Matches the PRA user against the Jira ticket assignee using:
  • Email address match
  • Display name match (private or public)
  • Username match
• Asset Validation: Compares the PRA Jump Item computer name with the asset name from the ticket (case-insensitive)

• "The specified ticket, [SD-1234], could not be found. Please provide a valid ticket number."
• "The specified ticket, [SD-1234], is not assigned to anyone."
• "The user that initiated the PRA session does not match the assignee of ticket [SD-1234]."
• "The specified ticket, [SD-1234], does not appear to be associated with an asset named [WORKSTATION-01]."

1. Open the PRA Access Console
2. View an active or completed session that has a linked Jira ticket
3. Click the View Jira Ticket custom link (or whatever name you configured)
4. The Jira ticket opens in your default browser