Enterprise Application Objects Not Imported in Azure Asset Import
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Azure Assets integration import is not importing any objects under the Enterprise Application object type.
Environment
Jira Service Management Server/Data Center on any version from 4.22 and above
Diagnosis
Below are the errors observed in the Atlassian-jira.log for the Enterprise application object types.
2024-10-18 14:55:52,766+0300 insight-InsightImportThreadGroup-worker-thread-1 INFO ITServiceDesk [c.m.a.management.graphrbac.Applications list] <-- END HTTP
2024-10-18 14:55:52,782+0300 insight-InsightImportThreadGroup-worker-thread-1 ERROR ITServiceDesk [c.r.j.p.a.i.manager.impl.EnterpriseApplicationService] Error fetching Azure EnterpriseApplication data for subscription id #abc-lmn-xyz-efg
com.microsoft.azure.management.graphrbac.GraphErrorException: Status code 403, {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"abc","date":"2024-10-18T11:55:52"}}
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.microsoft.rest.ServiceResponseBuilder.build(ServiceResponseBuilder.java:122)
at com.microsoft.azure.AzureResponseBuilder.build(AzureResponseBuilder.java:56)
at com.microsoft.azure.management.graphrbac.implementation.ApplicationsInner.listDelegate(ApplicationsInner.java:407)
at com.microsoft.azure.management.graphrbac.implementation.ApplicationsInner.access$100(ApplicationsInner.java:45)
at com.microsoft.azure.management.graphrbac.implementation.ApplicationsInner$8.call(ApplicationsInner.java:289)
at com.microsoft.azure.management.graphrbac.implementation.ApplicationsInner$8.call(ApplicationsInner.java:285)Cause
The cause of the issue is that there are additional API permissions that need to be configured in order to import the Enterprise application, in addition to the permissions mentioned in the documentation.
Solution
Please follow below steps to resolve the issue.
- On the Azure dashboard, in the left navigation menu, select All services > Microsoft Entra ID.
- Go to the "App registrations" and Select the respective App Registration created for the Assets - Azure Integration.
- Select "API permissions" and then "Add a permission."
- Navigate to "APIs my organization uses."
- Click on "Windows Azure Active Directory."
- Select "Application permissions"
- Select and add Application and check "Application.ReadWrite.All"
- Click "Grant admin consent for <Your Subscription>".
Please see below screenshot from in-house environment for your reference.
After completing the above steps, please proceed to re-import the Enterprise application and confirm whether the objects are imported successfully.