At Level Access, we are committed to security and privacy. Please see our Trust Center for more information about how we keep you secure.
On this page:
- How are issue tracking integrations initially established?
- What authentication mechanism is used between the platform and issue tracking tools?
- What direction does data flow?
- What information does the connection have access to?
- Is encryption guaranteed?
- Are audit logs available?
- Who has access to the information on the Level Access Platform?
How are issue tracking integrations initially established?
Issue tracking integrations are initially established by an organization administrator in the platform and administrative level issue tracking accounts. Learn more about how you establish issue tracking connections with each tool we support below.
Integrate with Jira
Jira integrations are established by an organization administrator (platform) and a Jira account with the following requirements (we recommend using a centrally managed service account to avoid any interruptions):
Administrative access in Jira with the following permissions:
- Global permissions:
- Browse users and groups
- Create and manage webhooks
- Project permissions for the projects you want to connect to the platform:
- Browse projects
- Create issues
- Edit issues
- Transition issues
- Create attachments
- Add comments
- Delete all comments
- If issue-level security is configured, issue-level security permission to view the issue.
Other requirements/restrictions include:
- Jira instance must support application links.
- URL for the Jira instance must be https.
- The platform may not be able to support all Jira calls for on-premise Jira.
Learn more about setting up a Jira connection.
Integrate with Azure DevOps
Azure DevOps integrations are established by an organization administrator (platform) and an Azure DevOps Administrative Access account (we recommend using a centrally managed service account to avoid any interruptions).
Note the following restrictions:
- The token must be reset at the end of the expiration date.
- Full access tokens do not grant us access to your Azure DevOps. Level Access will not be able to see your projects and data.
- You can only access the token when it’s created. It won’t be available in the future.
Learn more about setting up an Azure DevOps connection.
Integrate with Asana
Azure DevOps integrations are established by an organization administrator (platform) and...
Learn more about setting up an Asana connection.
What authentication mechanism is used between the platform and issue tracking tools?
Issue tracking tool | Authentication mechanism |
---|---|
Jira |
0Auth 2.0 for cloud 0Auth 1.0 for on-premise and cloud connections that don’t support 2.0 |
Azure DevOps | Personal API access token |
Asana | Personal API access token |
What direction does data flow?
All issue tracking connections have unidirectional and bidirectional data flow. Learn more about the data flow between each tool and the platform.
Jira data flow
To simplify issue tracking in Jira for you and your team, the following task details are exchanged between the platform and Jira.
Pushed to Jira | Pulled from Jira | Synced between platform and Jira |
Task name | Summary | Task status |
Rule description | Link to ticket | Comments |
Tool name | Ticket type | |
Severity | Status | |
WCAG success criteria | Assignee | |
Why it matters | Priority | |
What to do | ||
Link to the task in the platform | ||
Screenshots and attachments |
Azure DevOps data flow
To simplify issue tracking in Azure DevOps for you and your team, the following task details are exchanged between the platform and Azure DevOps. Note that manual and automated findings have different finding details, so what’s pushed to Azure DevOps will vary. The information under Pushed to Azure DevOps is from automated findings.
Pushed to Azure DevOps | Pulled from Azure DevOps | Synced between the platform and Azure DevOps |
---|---|---|
Task name | Link to Azure ticket | Task status |
Rule description | Ticket type | Comments |
Tool name | Azure assignee | |
Severity | Azure priority | |
WCAG success criteria | Azure status | |
Why it matters | ||
What to do | ||
Link to the task in the platform | ||
Attachments |
Note the following conditions of the Azure DevOps-platform sync:
- Deleted comments won’t sync.
- Any platform project attachments larger than 60 MB won’t sync with Azure DevOps.
- The platform only syncs the first 10 attachments uploaded to an Azure DevOps ticket.
Asana data flow
Note: The platform can't identify attachments in Asana comments. If an Asana comment has text and an attachment, only the text will sync with the platform. If the Asana comment only has an attachment, the comment will sync as an empty comment on the task.
To simplify issue tracking in Asana for you and your team, the following task details are exchanged between the platform and Asana.
Pushed to Asana | Synced between the platform and Asana |
---|---|
Title | Comments |
Description | Attachments |
Statuses |
What information does the connection have access to?
Jira endpoint calls
Each Jira connection has the following access:
- Read:
- Issue id or key
- User names
- List of users that can be assigned to an issue
- Project statuses
- Workflow status
- Issue transition
- Issue type
- All projects visible to user
- Project details
- Details of projects, issue types within projects, and when requested, the create screen fields for each issue type for the user
- Attachment settings (whether attachments are enabled and the max attachment size)
- Labels
- Write:
- Comments
- Attachments
- Do transition
- New issues or subtasks
- Delete:
- Comments
Azure DevOps endpoint calls
- Read:
- Link to Azure work item
- Ticket type
- Azure assignee
- Azure priority
- Azure status
- Comments
- Write:
- Task name
- Description
- Comments
- Attachments
- Delete:
- Comments
Asana endpoint calls
- Read:
- Comments
- Attachments
- Statuses
- Write:
- Task title
- Description
- Attachments
- Statuses
- Delete:
- Comments
- Attachments
Is encryption guaranteed?
Each issue tracking connection uses HTTPS for encryption in transit. Learn more about HTTPS.
Are audit logs available?
No, audit logs aren't available.
Who has access to the information on the Level Access Platform?
Issue tracking information is stored within the customer tenant and only accessible by users who have been explicitly granted access to that tenant. This may be a mix of Level Access staff and customer users, or just Level staff. Level staff are only granted access to customer tenants with an explicit business purpose. For example:
- Support
- Accessibility testers who are conducting assessments
- Customer Service Managers
All access to customer tenants must be documented and approved.
Comments
0 comments
Article is closed for comments.