Note: This documentation applies to the Standard, Plus, and Frontline editions of Gemini Enterprise. For information about the Business edition, see the Gemini Enterprise - Business edition Help Center.

Set up a Jira Data Center data store

This page describes how to create a data store and connect Jira Data Center to Gemini Enterprise.

Before you begin

Before you set up your connection, do the following:

Grant the Discovery Engine Editor role (roles/discoveryengine.editor). This role is required for the user to create the data store. To grant this role, do the following:
1. In the Google Cloud console, go to the IAM page.
  Go to IAM
2. Locate the user account and click the edit Edit icon.
3. Grant the Discovery Engine Editor role to the user. For more information, see IAM roles and permissions.
Complete the steps in Set up authentication and obtain client credentials to get the client ID and client secret, and set up permissions.
If your Jira Data Center instance uses a private IP, publish a Private Service Connect producer service for your Jira Data Center instance. For more information about using Private Service Connect to connect Gemini Enterprise to self-hosted data sources, see Introduction to self-hosted data sources.

If you are using the data ingestion connection mode, you must meet these additional requirements:

Verify that you have the Jira System Administrators permission to fetch Access Control List (ACL) information.
If you have set up issue-level security in Jira, install the Permission Accessor for Jira Data Center plugin. This plugin provides REST endpoints to Gemini Enterprise. These endpoints enable Gemini Enterprise to retrieve space permission details, content restrictions, and email addresses of licensed users. This information is then used to ensure that the correct permissions are applied within the Gemini Enterprise search experience.

Create the Jira Data Center data store

To create the Jira Data Center data store, do the following:

In the Google Cloud console, go to the Gemini Enterprise page.

Gemini Enterprise
Select or create a Google Cloud project.

Note: To access the unified flow, your project must be on the allowlist.
In the navigation menu, click Data stores.
Click Create data store.
In the Source section, search for Jira Data Center, and click Select.
In the Data section:
1. In the Connector mode section, select Data ingestion or Federated search.
2. Click Continue.
3. In the Authentication settings section, configure authentication based on your chosen connection mode.
  1. Provide the authentication details.
    - For Federated search, provide the following details:
      - Instance URI: The base URL of your Jira Data Center instance, for example, https://jira.yourcompany.com.
        
        Note: Ensure the URL includes the protocol (https://) and does not end with a trailing slash.
      - Client ID: The unique identifier for the OAuth application registered with Jira Data Center.
      - Client secret: The Secret Manager secret that contains the client secret for authenticating requests.
      To obtain these credentials, see Set up authentication and obtain client credentials.
    - For Data ingestion, select one of the following authentication methods: Username and Password, Personal access token, or API token, and then enter the required details.
  2. Click Continue.
4. From the Destination type list, select Public or Private.
  - If you selected the Public destination type, for Domain URL, enter your public URL. This must match the instance URI.
  - If you selected the Private destination type, enter the following information:
    1. Service attachment: Enter your Private Service Connect service attachment. To obtain this, you need to publish a Private Service Connect producer service for your Jira Data Center instance.
    2. If the region of your Private Service Connect service attachment is different from the region of your data store, select the Enable PSC Global Access checkbox.
    3. For an instance with a Domain URL:
      - Optional: Base domain name: Enter your base domain.
      - Domain URL: Enter your domain URL. This must match the instance URI.
      - Optional: Destination port: Enter your destination port.
    4. For an instance without a Domain URL:
      - Destination port: Enter your destination port.
    Note: Private connectivity is required when connecting to private, on-premises authentication endpoints.
5. Click Continue.
6. Optional: Click Advanced options.
  - If you selected Federated search, do the following:
    1. If you enable the SSL settings checkbox, select a Trust Model from Private, Public, or Insecure, and then configure the required fields. For more information on trust models, see Trust models.
      - Public: Use this option if your Jira Data Center instance uses certificates issued by a publicly trusted CA.
      - Private: Use this option if your Jira Data Center instance uses certificates signed by a private or internal CA.
      - Insecure: This option bypasses certificate validation. It is not recommended for production environments as it can expose your connection to security risks.
      The following fields are common to all Trust Models:
      - Keystore Client Certificate: The client certificate in PEM format. For example, -----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----.
      - Keystore Client Private Key: The private key for the client certificate in PEM format.
      - Keystore Client Private Key Passphrase: The passphrase for the client private key, if applicable.
      The following additional detail is required for the Private Trust Model:
      - Private Certificate: The public certificate of the private CA in PEM format.
  - If you selected Data ingestion, do the following:
    1. Select the Enable Static IP Addresses checkbox. After creating the data store, you must allowlist the registered static IPs to ensure sync runs succeed.
    2. In the Max QPS field, specify the maximum number of queries sent to the Jira Data Center data store per second.
    3. Select the Enable Custom Fields checkbox. If enabled, the data store fetches custom fields from the Jira Data Center.
    4. If required, select the Proxy settings and SSL settings checkboxes to enable them.
7. Click Continue.
8. In the Entities to search (if you selected Federated search) or Entities to sync (if you selected Data ingestion) section:
  1. Select all the required entities.
  2. If you selected Federated search, proceed to the next step.
  3. If you selected Data ingestion, continue with the following steps:
    1. Optional: To sync specific projects, do the following:
      1. Click Filter.
      2. To filter entities out of the index, select the Exclude from the index checkbox, or to ensure that they are included in the index, select the Include in the index checkbox.
      3. Enter the keys. Press Enter after each key.
      4. Click Save.
    2. To configure the sync schedule, do the following:
      1. In the Sync frequency list, select a sync frequency.
        
        To schedule separate full syncs of entity and identity data, expand the menu in the Full sync section and then select Custom options.
      2. In the Incremental sync frequency list, select an incremental sync frequency.
      For more information, see Sync schedules.
Click Continue.
In the Configuration section:
1. From the Multi-region list, select the location for your data connector.
2. In the Data connector name field, enter a name for your connector.
3. If you selected US or EU as the location, configure the Encryption settings:
  - Optional: If you haven't configured single-region keys, click Go to settings page to do so. For more information, see Register a single-region key for third-party connectors.
  - Select Google-managed encryption key or Cloud KMS key.
  - If you selected Cloud KMS key:
    - In the Key management type list, select the appropriate type.
    - In the Cloud KMS key list, select the key.
  For more information, see Customer-managed encryption keys.
Click Continue.
In the Billing section, select General pricing or Configurable pricing. For more information, see Verify the billing status of your projects and Licenses.
Click Continue.
Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data stores page.
If you selected the Private destination type and configured your Private Service Connect producer service to Accept connections for selected projects (explicit approval), do the following:
1. In the Google Cloud console, search for Private Service Connect and go to the Private Service Connect page.
2. Click the Published services tab.
3. Click the name of the Private Service Connect service corresponding to your Jira Data Center data store.
4. In the Connected projects section, select the checkbox next to the Gemini Enterprise tenant project for the data store, and then click Accept project. The Gemini Enterprise tenant project ID ends in -tp.
The data store status remains as Creating in the Data Stores page until you click Accept project on the service details page within Private Service Connect. After you click Accept project, the data store status changes to Active.

To verify the state of the data store, do the following in the Data stores page:

Navigate to the newly created data store in the data store list and monitor its state until it changes to Active.
When the data store state changes from Creating to Active, the Jira Data Center connector is ready to be used.

After creating the data store:

Create an app.
Connect it to the Jira Data Center data store.
Authorize Gemini Enterprise to Jira Data Center before executing any queries.

For information on permissions required to perform search, see Required permissions.

Data handling and query execution

This section describes how Gemini Enterprise manages your query and the privacy implications of using the federated data store.

Query execution

After you authorize Jira Data Center and send a search query to Gemini Enterprise:

Gemini Enterprise sends your search query directly to the Jira Data Center API.
Gemini Enterprise blends the results with those from other connected data sources and displays a comprehensive search result.

Data handling

When using third-party federated search, the following data handling rules apply:

Your query string is sent to the third-party search backend (Jira Data Center API).
These third parties may associate queries with your identity.
If multiple federated search data sources are enabled, the query might be sent to all of them.
Once the data reaches the third-party system, it is governed by that system's terms of service and privacy policies.

What's next

To provide a user interface for querying your Jira Data Center data, create an app and connect it to the Jira Data Center data store.
To preview how your search results appear after your app is set up, see Get search results.
To enable alerts for the data store, see Configure alerts for third-party data stores.