PLEASE NOTE: THIS ADVISORY IS ONLY FOR CUSTOMERS USING zAgileConnect FOR SALESFORCE AND JIRA CLOUD
Background
In a recent notification, Salesforce has mandated specific and urgent security requirements to the providers of Connected Apps that are used in more than one Production org.
This includes zAgileConnect for Salesforce and Jira Cloud.
The requirements must be in place by May 11. For more details, please refer to the following post from Salesforce:
Secure Your Connected Apps and External Client Apps
In summary, the requirements, as they pertain to the Connected App provided with zAgileConnect, consist of the following:
- Enable PKCE (Proof Key for Code Exchange) -- *previously enabled*
- Enable Refresh Token Rotation
- Idle Refresh Token TTL configured for 30 days
- Refresh Token IP Range Allow List
As a result of this mandate and the deadline, the zAgileConnect Add-on for Jira Cloud is being updated to be in compliance with Salesforce’s requirements.
This update will be deployed today (Friday, May 8) at 8pm PDT. Refresh Token Rotation will be enabled at the same time for the Connected App provided with zAgileConnect.
On May 11, at 8pm PDT, the remaining two requirements will be implemented:
- Idle Refresh Token TTL configured for 30 days
- Refresh Token IP Range Allow List
How it impacts you
The changes are expected to be transparent to our customers using zAgileConnect with Jira Cloud.
However, we strongly recommend that customers review the Salesforce Connection Status in Jira on May 12. If any issues are encountered in the connection from Jira to Salesforce, a re-authentication step (sign in to Salesforce from Jira) should resolve them.