Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In your Azure portal, select All services > Microsoft Entra ID

  • Scroll down the left bar to Manage, open the Properties and search for Tenant ID

  • Save the Directory Tenant ID for future reference for usage in the import configuration

Get your Subscription ID

  • If you need specific subscriptions to be imported

  • In your Azure portal, search for Subscriptions

  • Select the Subscription(s) you would like to synchronize the Azure (Assets) data from

  • Save the Subscription ID Id (s) for future reference for usage in the import configuration

Register Access Application

You need to register an Application (the Azure Registration Application that will be used for the API-Gateway) that works as a gateway that enables the Azure Sync app to access data within your Azure environment. This registration app acts as an intermediary; it has permissions to view or manage certain parts of your Azure setup, but Azure Sync for Jira Assets does not directly access or modify Azure data. The registration app specifies which data the Azure Sync app can import.

  • In your Azure portal, select All services > Microsoft Entra ID

  • Under the “Add” tab, click on App registration (or in the left bar open App registrations and Select New registration)

  • Pick a name for your application. You can use something like "asset-azure-sync" as inspiration

  • Leave other settings at default values

  • Create the App registration

  • Save the Application (client) ID for future reference for usage in the import configuration

    image-20240430-195356.png

...

Assign Application Role assignment

Granting permissions to the registration app is essential as it defines the scope of data access: what the Azure Sync app can view and manage in Azure.

In your Azure portal, search for Subscriptions

  • Select your subscription (or more if you want to be able to import data from multiple subscriptions)

  • Select Access control (IAM) and click on the Role assignments tab

  • Click Add (you need to have proper permission)

  • Choose Role = Reader and search at the select for the Application name that you have created in steps above (saying this registered application now can read this subscription data)

...

Check Required Permissions

...

  •  On the search bar, search for App registrations. Select the App registration that you have created

  • Click API permissions and Add a permission

  • Select "Microsoft Graph"

  • Select "Application permissions"

  • Select and add User and check "User.Read.All", (recommended option)

    • If you only select lower permission “User.ReadBasic.All” user atributes will not be fully imported

  • Select following API permissions:

    • "Group.Read.All"

    • "Device.ReadWrite.All"

    • "DeviceManagementManagedDevicesor least privilege “GroupMember.Read.All"

    • "Application.ReadWrite.All"

...

    • All“

  • Click "Grant admin consent for “your specific subscription”.  

...

image-20240430-195021.pngImage Modified

Configuring the “Azure Sync for Jira Assets” App import

...

After creating an import, it will be in “NOT CONFIGURED” state. You will first need to provide your Azure Connection Details to execute it. Click on the “three dots” and then “Configure app” to open configuration modal.

...

SnĂ­mek obrazovky 2024-06-26 123632.pngImage Removed

Connection configuration

Fill the necessary fields and click “Save configuration”. When you save configuration for the first time, the asset schema & mapping will be generated. This may take a while (by our testing 20 seconds to 2 minutes) so please be patient.
Also you should test the connection using the test connection button before proceeding to further tasks. You can also open the schema tree, and see the (empty) structure of Asset Object Types generated under the Root Object Type.

...

Azure Connection parameters:

  • Root object type name

    • Specify the name of the object type where the imported data will be stored.

      • Note : Select the Important note : It will automatically generate a new root object type. It's recommended to select a unique name for the root object type. If you attempt to connect the app to an object type already existsthat was created via the Atlassian Assets GUI, it may cause issues errors due to the Atlassian's limitations.

  • Subscription ID

    • Note : Only resources registered under the specified subscription will be imported.

      • Therefore, it's recommended to use a unique name (so a new object is created) or choose an existing object type that was created by this application (such as when performing a prior import with the same root object).

  • Microsoft Entra ID (Directory Tenant ID)

  • Application (Client) ID

  • Application (Client) Secret Key

  • Subscription Options

    • In the latest version, you can now enable an option to import resources from all subscriptions that your Azure Registration App has permission to access. This significantly simplifies importing from multiple subscriptions at once.

...

  • If you prefer to specify subscriptions instead of importing all at once, you can toggle this feature off. Then, simply enter the Subscription ID of the subscription you would like to import data from. If you want to import data from multiple (specific) subscriptions in a single instance, separate them by commas. This makes handling a large number of subscriptions much easier and more efficient.

...

Advanced settings

On separate tab you can modify import parameters not critical for import execution.

...

Scheduler:

  • Off

  • Once a day

Using the scheduler, you You can automate imports using the scheduler. When enabled, the import will run automatically once a day, starting approximately 24 hours after the configuration is saved. Or you can take control with manual synchronization for precise adjustments on demand. The first scheduled trigger typically occurs approximately 5 minutes after the application is deployed, even if imports have not yet been configured at that time. The exact start time for daily imports is not configurable, as triggers are distributed across installations to balance system load. However, after the first trigger, the scheduler will run daily at the same time. If there are multiple scheduled imports, they will not execute simultaneously but rather one by one, with 5-minute delays between them. A maximum of 10 imports can be processed per hour, supporting up to 240 scheduled imports per day. This feature is necessary to comply with Forge limitations and prevent errors. You can also manually synchronize imports at any time for precise control. By default, the scheduler is turned off.

Import options:

  • Include hidden tags - hidden tags are special tags that are not displayed in Azure Resource view with “hidden-” prefix in tag name. You can toggle import of these here. Defaults to false.

Object Types Update

The Configuration modal includes an "Object Types Update" tab. When you deploy a new version of the app, it may support additional Object Types or Object Type Attributes. These changes are part of the new schema and mapping.

...

  • See which Object Types or Object Type Attributes have been added, removed, or updated.

  • Run the schema and mapping update to apply these changes.

Structuring Your Imports in Jira

  • Depending on your organization’s needs, you may want to import data from different subscriptions into one shared “root object” within Jira Assets or keep them separated by creating distinct root objects.

    • Single Root Object: All resources, regardless of the subscription, are imported into a single location within Jira Assets. This works well if it’s not necessary to distinguish resources by environment (e.g., production vs. testing), or to track resources across your organization and have everything in one place.

    • Separate Root Objects: If it’s essential to differentiate resources for example by environment, you can set up separate root objects within Jira for each subscription (multiple import instances). This setup reduces the risk of data confusion, as each environment is clearly separated in Jira Assets.

Performing the Import

Once you have configured your settings correctly, you should be ready to perform the import process effortlessly. Before the first execution, configured import will be in state “READY TO RUN” and “Import data” button will appear. To start the import manually, simply click on the button.

...

Azure Sync for Jira Assets, built on the Forge platform, offers you the advantage of data residency control. With the latest Forge capabilities integrated, you can securely store your Azure connection data with confidence. This empowers you to align with your organization's data governance policies and ensures compliance with regional regulations. Your data remains safe and accessible, giving you peace of mind while using our app🔒.

Known

...

Limitations

Note
  • Character Limit Discrepancy: Azure allows longer tag names and string attribute values than Jira Assets, causing which causes import errors when tags creating assets with attributes of the "text" type that exceed Jira Assets' 254-character limit. Resources with extended limits attributes that exceed this limit will be skipped during the import.Hidden Azure Tags: Hidden tags in Azure are imported along with other resources. We are implementing a checkbox to exclude hidden tags, which will be available in the next version

For certain Azure resource types with long attributes by default, this error occurred more frequently, so we decided to implement workarounds.
Currently, the affected resources with attributes where we apply these workarounds are:

  • IpConfiguration: Id attribute (from v3.15.0):

    • Id: A shortened version of the Azure Id (used for referencing, type "text").

    • Full Id: The complete Azure Id (stored as "textarea", which does not have the 254-character limit but cannot be used for referencing).

Note: If you had any IpConfigurations imported from a version prior to 3.15.0 and import them again, they will be treated as "duplicates" (since the Id attribute is being modified, the system sees it as a new object). To resolve this, we recommend bulk-removing all the existing IpConfigurations and then running the import again.

Note
  • Limitation for imports: Currently, when using Azure Sync for Jira Assets, there is a limitation on the number of Azure subscriptions you can import at one time. Users can import a maximum of 30 subscriptions per import session.

If your organization has more than 30 Azure subscriptions, you may encounter restrictions in importing all subscriptions in a single process. While we are actively working on a permanent solution, here are some recommended approaches for managing larger imports.

Workarounds

Use Multiple Import Instances

  • Specify Individual Subscriptions
    Consider running separate import sessions. This can be done by listing up to 30 subscriptions per session in the Subscription IDs configurationinput field.

  • Import “All Available” Subscriptions: Create Additional Azure Registration Apps
    Alternatively, you can create multiple Azure registration applications to divide and manage the subscription import process more effectively. Each app can be configured to import a different set of up to 30 subscriptions, reducing manual input and simplifying the import setup (utilizing the "All Available" configuration option)

Resolution Timeline
Our team is aware of this limitation, and a fix to enable larger bulk imports is currently under development. We appreciate your patience and will provide updates as soon as they are available.

Troubleshooting

Assets - Azure Integration requires both Jira and Assets to function. Also make sure all the specific permission in your Azure environment was set right.

...

You might encounter an error (2) when starting the import (1). The first thing to check is whether your license is active, as it is the most common reason. The quickest way to verify this is in the import configuration dialog (3), where a message should appear in such case.

...

In the current version, one import instance can only import resources registered under the specified subscription.

  • To import asset data from multiple subscriptions, you need to create separate importer instances with distinct configurations for each subscription (or modify the existing one).

  • To make the import functional for another subscription, it is necessary to update not only the Subscription ID but also make sure to set correct Application (Client) ID with its Application Secret Key to grant access to subscription resources.

Schema updates

Sometimes it may appear that schema&mapping update (on update tab) is taking too long. The operation might take longer in extreme cases because a retry event is performed there.

Unused Location asset objects

When running the import, all Locations will be imported, including those that are not used or referenced by any resource. This is not an error but a feature, allowing users to view all possible locations (e.g., for cloud infrastructure management, to see available locations where a resource can be deployed).

To display only the Locations that are currently in use (i.e., being referenced), we suggest using a filter within the asset view with the following AQL query:

object HAVING inboundReferences()

...

Feedback and Support

Your invaluable feedback fuels the evolution of Azure Sync for Jira Assets. Share your insights, and together, we'll cultivate a more refined and impactful user experience! 📊🌱

...