Security details about 2-way integration of Microsoft Teams and Jira On-Premises.
All communication with Move Work Forward systems is TLS/SSL encrypted using a AWS managed certificate.
Things to know from the Jira side
When Advanced Microsoft Teams Jira Connector is installed it creates an Application Link for the Move Work Forward middleware system. It permits Jira components to call to the external system.
Important: you can delete the Application Link if you don’t plan to use 2-way integration.
Important: the Application Link will be created if you do decide to use 2-way integration in the future while mapping user accounts.
When you register your Jira tenant (System → Microsoft Teams → Bot Settings → Register). There is an API call to the Move Work Forward middleware system to register your Jira tenant. For a call to work, outgoing Internet access to the Move Work Forward system should be permitted. Tenant registration tenant call sends some security information for the Move Work Forward systems to be able to connect to Jira, BUT not all information is sent. The missing part is sent after the user account mapping.
When you are registering, the URL provided should be publicly accessible to Move Work Forward systems and your users. It is used as a base Jira URL for different actions and API calls.
When the users map Microsoft Teams and Jira accounts (using
connectcommand in Microsoft Teams bot chat), they are redirected to the protected Jira page when they Allow/Deny the usage of their Jira account when doing things in Jira (act-on-behalf permission). During this time the user keys are securely sent to the Move Work Forward system for encrypted storage. As a result, Move Work Forward has 4 keys required to act on behalf of the user in Jira.
If you need more details please feel free to contact us.
Things to know from the Move Work Forward side
The sensitive information is sent via TLS/SSL connection and encrypted at rest using AWS KMS managed RSA256 tenant-specific keys.
Only the CEO/Founder of Move Work Forward has access to the production systems.
Move Work Forward system stores the following data:
host base URL
who mapped Jira to Microsoft Teams
when the mapping has happened
If you need to delete your data mapping in our system please contact us.
You need to enable outgoing traffic to
Move Work Forward system is deploying in the US-EAST-1 region of AWS. Our system is 100% Serverless, so we rely on Amazon for all security patches on OS levels.
We use the following AWS components:
AWS API Gateway
AWS Key Management Service
AWS Certificate Manager
AWS Dynamo DB
AWS Cloud Watch
If you need our infra to be deployed to another region, please let us know.