SharePoint Connector for Jira – Permission Requirements and Reauthorization Process

Problem:

Users integrating Microsoft SharePoint with Jira via the SharePoint Connector for Jira may encounter issues related to permission requirements and recurring authorization prompts after the Connect to Forge app update/migration. Common symptoms include:

• Requests from IT or DevOps teams for clarification on the required SharePoint permission levels (Read, Write, Full Control).

• End users being prompted to reauthorize the SharePoint Connector, even though the app appears as "CONNECTED" in Atlassian's Connected Apps section.

• Loss of integration with SharePoint/OneDrive, resulting in access problems for users.

• No visible option in Jira to re-initiate or restore the Microsoft admin consent flow.

• These issues may occur after changes in the app’s authentication flow, such as migration to Atlassian Forge, or updates to Microsoft 365 OAuth/consent policies.

Application:

Atlassian Platform: Jira Cloud
Product: SharePoint Connector for Jira

Solution :

1. Required Permissions for SharePoint Connector

   • The SharePoint Connector requires a one-time authorization by a SharePoint or Azure administrator.

   • The admin must grant consent for the app to access SharePoint resources on behalf of the organization.

   • The recommended permission level is Full Control to ensure all connector features work without context switching. For details, refer to the official permissions setup guide:
     https://ikuteam.atlassian.net/wiki/spaces/IAD/pages/3257668424

   • The admin performing this task does not need to be a Jira admin but must have SharePoint tenant/admin rights.

2. One-Time Authorization Process

   • A SharePoint/Azure admin should initiate the consent flow from Jira using their own account.

   • This process authorizes the app for the entire organization.

   • After approval, all other users can authenticate and use the connector with their own accounts without further admin intervention.

3. Reauthorization and Troubleshooting

   • If users are prompted to reauthorize or lose access, it may be due to:

     • Expired or invalidated OAuth authorization in Microsoft 365.

     • Recent updates to the app (e.g., migration to Atlassian Forge) that require renewed admin consent.

     • Changes in Microsoft or Atlassian authentication systems.

   • To restore access:

     • A Microsoft Global or SharePoint Admin must reauthorize the app by following the consent flow described in the permissions setup guide.

     • Start the connect folder action in the SharePoint Connector app and the OAuth flow will start

     • Ensure no configuration changes or permission revocations have occurred on the Microsoft 365 side.

4. Best Practices

   • Always use a SharePoint/Azure admin account for the initial or renewed authorization.

   • Document the authorization process and maintain a record of who performed the consent.

   • If recurring authorization issues persist, contact the app vendor for updated guidance, as platform migrations (e.g., to Atlassian Forge) may impact the authentication process.

References

• https://ikuteam.atlassian.net/wiki/spaces/IAD/pages/3257668424

• https://ikuteam.atlassian.net/wiki/spaces/IAD/pages/3314352129/Using+the+file+manager+SP+JC#Connect-a-place

• Example admin settings and troubleshooting:
  https://ikuteam.atlassian.net/wiki/spaces/IAD/pages/3308654978/Admin+settings+SP+JC#Replicate-storage-permissions

If further issues occur or the reauthorisation option is missing, please reach out to support with detailed logs and screenshots for support.