> ## Documentation Index
> Fetch the complete documentation index at: https://docs.draftt.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Ticketing

Connect your ticketing platforms to Draftt to create issues for governance findings and track remediation through your existing workflows.

## Supported Platforms

<CardGroup cols={3}>
  <Card title="Jira" icon="jira">
    Atlassian OAuth integration for creating and tracking issues.
  </Card>

  <Card title="ServiceNow" icon="ticket">
    OAuth 2.0 Client Credentials for incidents and change requests.
  </Card>

  <Card title="Azure DevOps" icon="microsoft">
    Entra ID App Registration for work item creation.
  </Card>
</CardGroup>

## Setup Instructions

<AccordionGroup>
  <Accordion title="Jira">
    Jira connects via **Atlassian OAuth**. No API tokens or manual credential management required.

    <Steps>
      <Step title="Start the connection">
        In Draftt, go to **Integrations > Ticketing > Jira > Add**.
      </Step>

      <Step title="Authorize with Atlassian">
        You will be redirected to Atlassian to authorize Draftt. The app requests the following scopes:

        * `read:jira-work` -- Read access to Jira projects, issues, and workflows
        * `write:jira-work` -- Create and update issues on your behalf
        * `read:jira-user` -- Read user information for assignment
      </Step>

      <Step title="Select your site">
        If you have multiple Atlassian sites, select the one you want to connect.
      </Step>

      <Step title="Confirm in Draftt">
        After authorization, you are redirected back to Draftt. The Jira integration appears in your connected ticketing platforms.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="ServiceNow">
    ServiceNow connects via **OAuth 2.0 Client Credentials** -- a secure machine-to-machine flow with no user interaction required at runtime.

    <Steps>
      <Step title="Find your instance URL">
        Your instance URL is the base URL you use when logging into ServiceNow. Copy it from your browser's address bar. It looks like:

        ```
        https://your-company.service-now.com
        ```

        Enter this in the Draftt setup dialog.
      </Step>

      <Step title="Create a dedicated service account">
        Create a dedicated user for Draftt so the integration is not tied to a personal account.

        1. In ServiceNow, navigate to **User Administration > Users**
        2. Click **New**
        3. In the User ID field, enter a name (e.g. `draftt-service-account`)
        4. Set the **Identity type** to **Machine**
        5. Check the **"Internal Integration User"** checkbox
        6. Click **Submit**
        7. Open the user you just created, scroll to the **Roles** tab at the bottom
        8. Click **Edit** and add the following roles:
           * `snc_read_only`
           * `cmdb_read`
           * `snc_platform_rest_api_access`
           * `sn_cmdb_user`
        9. Click **Save**
      </Step>

      <Step title="Enable the Client Credentials grant type">
        Make sure the OAuth Client Credentials grant type is enabled on your instance. If the property does not exist, you will need to create it.

        1. Navigate to **System Properties** by opening:
           ```
           https://<your-instance>.service-now.com/sys_properties_list.do
           ```
        2. Search for the property `glide.oauth.inbound.client.credential.grant_type.enabled`
        3. If it exists, make sure the value is set to `true`
        4. If it does not exist, create a new property with:
           * **Name:** `glide.oauth.inbound.client.credential.grant_type.enabled`
           * **Type:** `true | false`
           * **Value:** `true`
      </Step>

      <Step title="Create an OAuth inbound integration">
        1. In ServiceNow, navigate to **Machine Identity Console**
        2. Open the **Inbound Integrations** tab
        3. Click **New**
        4. When prompted to select a connection type, choose **OAuth - Client credentials grant**
        5. Fill in a name (e.g. `draftt-oauth-app`)
        6. Under the user field, select the service account you created in Step 2 (e.g. `draftt-service-account`)
        7. In the Auth Scope section, click **Create auth scope**
        8. In the "Auth scope name" field, enter a name (e.g. `draftt-read-scope`)
        9. Under "Limit authorization to the following APIs", add **Table API**
        10. Enable the **"Allow access only to APIs in selected scope"** toggle -- this restricts the integration to only the APIs listed above
        11. Click **Submit**, then reopen the record and copy the **Client ID** and **Client Secret**
      </Step>

      <Step title="Enter your OAuth credentials">
        Back in the Draftt setup dialog, paste the **Client ID** and **Client Secret** from the OAuth application you registered in Step 4. Click **Create Integration**.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Azure DevOps">
    Azure DevOps connects via an **Entra ID (Azure AD) App Registration**, the same mechanism used for Azure DevOps source control.

    <Steps>
      <Step title="Register an App in Entra ID">
        In the Azure portal, go to **Entra ID > App registrations > New registration**. Create a new app (e.g. `Draftt-DevOps`) and copy the **Client ID** and **Tenant ID**.
      </Step>

      <Step title="Generate a client secret">
        In the App Registration, go to **Certificates & secrets > New client secret**. Copy the secret value.
      </Step>

      <Step title="Add a user in Azure DevOps">
        In Azure DevOps, go to **Organization Settings > Users > Add users**. Add the App Registration's service principal with **Basic** access level and **Project Contributors** group membership.
      </Step>

      <Step title="Enter details in Draftt">
        In Draftt, go to **Integrations > Ticketing > Azure DevOps > Add**. Enter the Client ID, Tenant ID, Client Secret, and your Azure DevOps **Organization name**. Click **Create**.
      </Step>
    </Steps>
  </Accordion>
</AccordionGroup>

## How It Works

When Draftt identifies a governance finding that requires action, it can automatically create a ticket in your connected platform. Each ticket includes:

* The governance finding and its business impact
* Affected resources and their owners
* Recommended remediation steps
* A link back to the finding in Draftt for full context

As the issue progresses through your team's workflow, Draftt tracks the status so you can monitor remediation progress across your entire tech stack.

## Verifying Your Connection

After setup, return to **Integrations > Ticketing** in Draftt. Each connected platform shows a status:

* **Healthy** - Draftt can create and read issues as expected.
* **Unhealthy** - Check that the OAuth authorization has not been revoked and that the connected user has the required permissions.
