search
Ctrlk

Install Nightfall for Jira

Step by step instructions on installing the Nightfall for JIRA integration

This document explains the process of installing Nightfall for Jira.

hashtag
Prerequisites

The installation of Jira integration requires you to have the following prerequisites

  • An Atlassian tenant with Jira enabled.

  • Standard Atlassian user account used as a Service Account - A regular Atlassian user account (has a password, can log into the Atlassian UI) that is shared or dedicated for system use rather than belonging to a specific person.

    • Has a password and can log in via the browser

    • Has its own dedicated email (e.g., [email protected]envelope or an AD account)

    • ❌ Not Supported - Atlassian Service Account (Programmatic)

      Atlassian's native "service account" feature, designed for programmatic access only.

      • No password - cannot log in via the browser UI

      • Cannot complete Nightfall's OAuth consent screen

      • Also lacks the issue:redact scope, so Jira historical redaction would not work even if supported

      • Cannot be created programmatically (must be created manually in Atlassian Admin)

  • You must have access and must be logged in to the Atlassian account.

hashtag
How Nightfall Uses the Connected Account

Function

Credentials Used

OAuth flow - discovering Jira/Confluence sites

Installing user (service account)

All DLP scanning

Nightfall App credentials - NOT the user

Jira historical redaction API

Installing user (service account)

All other APIs

Nightfall App credentials

Key implication: Revoking the service account's Atlassian permissions will NOT affect scanning. It only affects Jira historical redaction, which falls back to replacing text with [Sensitive Data Removed] instead of native API-based redaction.

hashtag
Recommended Setup: Service Account Installation

Follow these steps for a fresh installation or when re-authorizing to switch from an individual account to a service account.

Step 1 - Create the Atlassian Service Account

Create a dedicated Atlassian user account to serve as the service account:

  1. Use a shared mailbox or AD account email (e.g., [email protected])

  2. This must be a standard Atlassian user account - it needs a password and must be able to log into Atlassian via the browser

  3. Assign it the necessary Jira/Confluence admin permissions to complete the OAuth flow

Step 2 - Add the Service Account as a Nightfall System Administrator

This step is critical. It ensures that the service account email (not a personal admin's email) is shown in Nightfall's Integrations page.

  1. Log into the Nightfall console as a current admin

  2. Go to Settings → Users

  3. Invite the service account email (e.g., [email protected]) and assign the System Administrator role

  4. Have the service account complete the Nightfall invitation/login flow

Step 3 - Install / Re-authorize Jira Using the Service Account

Use an incognito/private browser window for the entire flow to avoid conflicts with any personally logged-in Atlassian accounts.

  1. Open an incognito tab

  2. Log into Jira/Atlassian with the service account credentials

  3. In the same incognito tab, open the Nightfall console and log in as the service account user (the System Administrator added in Step 2)

  4. Navigate to Configuration → Integrations → Jira

  5. Click "+ Add Site"

  6. Select your Atlassian site from the dropdown

  7. Click "Accept" to grant Nightfall permissions

  8. Click the Jira icon to open the Atlassian Marketplace

  9. Select "Get it now" on the DLP for Jira app page

  10. Choose your site and click "Install app" → confirm "Get it now"

After installation, Nightfall automatically configures the integration and shows an "Alert Destination" label.

Step 4 - Verify

In Nightfall Console → Integrations → Jira, confirm:

  1. The email shown matches the service account email (e.g., [email protected])

  2. The site appears with "Alert Destination" status

If the email shown matches the service account - setup is complete and correct.

When you return to the Nightfall application, the appearance of the JIRA icon changes once the DLP for Jira app is installed. This confirms the successful installation of the DLP for Jira app.

circle-info

Important

Once you install the DLP for Jira application on an Atlassian account, Nightfall automatically configures the Alert platform with this Jira account. You can confirm this by navigating to Settings -> Alert platforms in Nightfall.

In the Atlassian integration page, there is a phrase attached to this Atlassian account known as Alert Destination which also confirms that this Jira is used as an Alert platform.

When you install DLP for Jira on another Atlassian account, the alert destination automatically shifts to the new Atlassian account on which the DLP for Jira is recently installed.

hashtag
Re-authorizing an Existing Connection (No Fresh Install Needed)

If the integration already exists but was set up with an individual admin account, you can switch to a service account without disconnecting or reinstalling.

  1. Complete Steps 1 and 2 above (create service account + add to Nightfall as System Admin)

  2. Open an incognito tab; log into Jira with the service account

  3. Open Nightfall console in the same tab; log in as the service account Nightfall user

  4. Go to Integrations → Jira → click "+ Add Site"

  5. Complete the OAuth flow with the service account

The credentials are overwritten in-place. No disruption to policies, violations, or scanning.

PreviousGetting StartedNextConfiguring Alerts for Jira

Last updated

Was this helpful?