# Install Nightfall for Jira
This document explains the process of installing Nightfall for Jira.
## Prerequisites
The installation of Jira integration requires you to have the following prerequisites
* An Atlassian tenant with Jira enabled.
* Standard Atlassian user account used as a Service Account - A regular Atlassian user account (has a password, can log into the Atlassian UI) that is shared or dedicated for system use rather than belonging to a specific person.
* Has a password and can log in via the browser
* Has its own dedicated email (e.g., [`nightfall-jira@company.com`](mailto:nightfall-jira@company.com) or an AD account)
* ❌ Not Supported - Atlassian Service Account (Programmatic)
Atlassian's native "service account" feature, designed for programmatic access only.
* No password - cannot log in via the browser UI
* Cannot complete Nightfall's OAuth consent screen
* Also lacks the `issue:redact` scope, so Jira historical redaction would not work even if supported
* Cannot be created programmatically (must be created manually in Atlassian Admin)
* You must have access and must be logged in to the Atlassian account.
## How Nightfall Uses the Connected Account
| **Function** | **Credentials Used** |
| ---------------------------------------------- | ---------------------------------------- |
| OAuth flow - discovering Jira/Confluence sites | Installing user (service account) |
| All DLP scanning | Nightfall App credentials - NOT the user |
| Jira historical redaction API | Installing user (service account) |
| All other APIs | Nightfall App credentials |
**Key implication:** Revoking the service account's Atlassian permissions will NOT affect scanning. It only affects Jira historical redaction, which falls back to replacing text with `[Sensitive Data Removed]` instead of native API-based redaction.
## Recommended Setup: Service Account Installation
Follow these steps for a **fresh installation** or when **re-authorizing** to switch from an individual account to a service account.
**Step 1 - Create the Atlassian Service Account**
Create a dedicated Atlassian user account to serve as the service account:
1. Use a shared mailbox or AD account email (e.g., `nightfall-jira@company.com`)
2. This must be a **standard Atlassian user account** - it needs a password and must be able to log into Atlassian via the browser
3. Assign it the necessary Jira/Confluence admin permissions to complete the OAuth flow
**Step 2 - Add the Service Account as a Nightfall System Administrator**
> This step is critical. It ensures that the service account email (not a personal admin's email) is shown in Nightfall's Integrations page.
1. Log into the Nightfall console as a current admin
2. Go to **Settings → Users**
3. Invite the service account email (e.g., `nightfall-jira@company.com`) and assign the **System Administrator** role
4. Have the service account complete the Nightfall invitation/login flow
**Step 3 - Install / Re-authorize Jira Using the Service Account**
Use an **incognito/private browser window** for the entire flow to avoid conflicts with any personally logged-in Atlassian accounts.
1. Open an incognito tab
2. **Log into Jira/Atlassian** with the service account credentials
3. **In the same incognito tab**, open the Nightfall console and log in as the **service account user** (the System Administrator added in Step 2)
4. Navigate to **Configuration → Integrations → Jira**
5. Click **"+ Add Site"**
6. Select your Atlassian site from the dropdown
7. Click **"Accept"** to grant Nightfall permissions
8. Click the **Jira icon** to open the Atlassian Marketplace
9. Select **"Get it now"** on the DLP for Jira app page
10. Choose your site and click **"Install app"** → confirm **"Get it now"**
After installation, Nightfall automatically configures the integration and shows an "Alert Destination" label.
**Step 4 - Verify**
In Nightfall Console → Integrations → Jira, confirm:
1. The **email shown** matches the service account email (e.g., `nightfall-jira@company.com`)
2. The site appears with "Alert Destination" status
If the email shown matches the service account - setup is complete and correct.
When you return to the Nightfall application, the appearance of the JIRA icon changes once the **DLP for Jira** app is installed. This confirms the successful installation of the **DLP for Jira** app.
{% hint style="info" %}
**Important**
Once you install the DLP for Jira application on an Atlassian account, Nightfall automatically configures the Alert platform with this Jira account. You can confirm this by navigating to **Settings** -> **Alert platforms** in Nightfall.
{% endhint %}
In the Atlassian integration page, there is a phrase attached to this Atlassian account known as **Alert Destination** which also confirms that this Jira is used as an Alert platform.
When you install **DLP for Jira** on another Atlassian account, the alert destination automatically shifts to the new Atlassian account on which the DLP for Jira is recently installed.
## Re-authorizing an Existing Connection (No Fresh Install Needed)
If the integration already exists but was set up with an individual admin account, you can switch to a service account without disconnecting or reinstalling.
1. Complete Steps 1 and 2 above (create service account + add to Nightfall as System Admin)
2. Open an incognito tab; log into Jira with the service account
3. Open Nightfall console in the same tab; log in as the service account Nightfall user
4. Go to **Integrations → Jira → click "+ Add Site"**
5. Complete the OAuth flow with the service account
The credentials are **overwritten in-place**. No disruption to policies, violations, or scanning.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.nightfall.ai/jira/installation.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.