This page details how our app connects to Jira.
Outlook Email for Jira provides multiple ways to connect to Jira depending on the system and how it is configured. It shows a security indicator on top that explains how it is connected:
Direct connection with COM add-in
When using our COM add-in, it will always use a direct connection. As we are running a program on the local computer, we are not limited by the used browser.
Direct connection Office add-in
The Office add-in only runs in the browser, so we have to respect the given restrictions. Jira does not send CORS headers in a consistent and reliable manner, so we need to rely on some other techniques. In our case we do the trick with an iFrame provided by the Jira app. By embedding it in Jira in Outlook, the Jira system is part of the add-in and it is not cross-domain anymore.
This requires your Jira system to run on https - otherwise we cannot embed the iFrame due to mixed content
The mentioned iFrame is located at
Whenever we cannot connect with a direct connection, we use our Cloud Connect.
Cloud Connect is a proxy hosted by us. This way we can get around a lot of the restrictions for web apps. However, because every request is proxied via our servers, the Jira system needs to be public.
We know it might looks scary that your Jira data leaves your local Intranet, so we use the highest security standards possible. We never store or log any information on this proxy, it's just a pass-trough system. Especially with OAuth this is very secure because all requests are singed by one-time tokens only valid for a specific URL. No generic access is possible.
Furthermore we support multiple ways to authenticate your users.
Most recommended is using OAuth. It is possible when you have installed our Jira app and configured the application link correctly. The Outlook app will show a warning on top when using a different authentication type.
Jira Cloud provides API Tokens that can be created by users instead of using the actual password. Consider it as a password only for this application.
We only recommend API Tokens for the evaluation period when the Jira app is not installed yet. Make sure to invalidate the API Token once you have switched to the recommended approach OAuth
Username & password
Jira Server does not provide API Tokens, so we have to fallback to plain username & password, if the application link for OAuth us not set up correctly.
Again, we only recommend username & password for the evaluation period when the Jira app is not installed yet. Consider changing the password, once you have switched to OAuth.