How To's

 

Feature

Description

Authorizing users

Once installed, the OnLink app is available to Jira admins. Admins can access the app from “Manage your apps” menu to configure system connections. For each of the connections, they can authorize both projects and users/groups. This restricts the usage of OnLink functions to those projects and users.

 

Field Mapping

Field mapping (input and output) needs to be configured for all functions.

Input Field Mapping - The label indicates the field that the target system expects as input. The drop down shows list of all custom fields available. Select the one that contains the value, for example in the screenshot below you would select the field that contains the Workday Employee ID. Make sure this field is available on your issue screen. OnLink supports string, date, number and single select types.

Output Field Mapping - Status is a field that gets populated once the function executes. This will be populated with “Success” or with an error message that the function returns.

 

Webhooks

Webhooks are automated messages sent from apps when something happens. For example, you may be able to configure a webhook in your HR system to send a message to OnLink whenever a new hire or termination is entered. This allows for OnLink to be notified of such events and create a Jira or JSM issue. To configure a webhook, go to OnLink (Apps menu - Manage your apps - OnLink) and access the Webhooks menu. Then select Add Webhook and enter the details in the form. The project and issue type selection drives the location where an issue is created whenever a webhook event is processed. The Attributes section provides field level mapping and other configuration. You can copy the Webhook url which you will need to configure the Webhook in your HR system.

Here’s an example of attributes:

key:id=customfield_10121
map:first_name=customfield_10122
map:last_name=customfield_10123
config:summary='Candidate offboarding: ', {customfield_10122}, ' ', {customfield_10123}
config:auth_scheme=basic_auth
config:auth_username=<enter a username here>
config:auth_password=<enter a password here> fields like password, api tokens, etc are encrypted once saved. They appear as “enc__<encryptedstring>

OnLink supports these types of authentication: “basic_auth”, “auth_token”, “request_signing_lever”, “request_signing_ashby” and others. Request Signing option expects config:signature_token with a unique token that’s used for signing. See this link for more info on how this option is used for Lever.

Use of “key” attribute ensures that any new updates to this object is treated as a change and the exiting issue is updated. If you want to disable update checks, then set this parameter: config:ignore_update_check=true

IdM Security Controls

OnLink provides two levels of security controls for all directory integrations - Okta, Jumpcloud and Azure AD.

On the second screen in System Settings, ad admin can select groups, apps and licenses (only for Azure). These are the values that are then available for users to select from. For example, in the screenshot below the admin has allowed only two groups MSFT and US Sales. So a user submitting a ticket for group access can only select from these two, even if Azure has many other groups. This allows for sensitive groups to not be available for selection.

 

Here’s a video that walks you through the settings.

https://www.loom.com/share/c0c1f183ca4548a6a41ee899d3d42c43

Job Logs and Notifications

OnLink provides processing logs via the Job Logs page. Users can also click on Settings to setup a project/issue-type where an issue is created whenever an error occurs. Users can then add default watchers to get standard Jira notifications.

Please note that Job Logs are temporary and are automatically deleted every 48 hours. If you want to persist error messages then configuring the above is necessary.