See https://support.esign-app.com for eSign Documentation and Support
Jira Workflow Configuration
- Chris Cairns
Contents
It is possible to integrate eSign with Jira workflows through advanced workflow configuration.
Workflow Validators
Note that Jira Cloud currently (as of May 2024) does not support validators or post-functions in Team Managed Projects. Use Company Managed Projects to configure these advanced workflow options.
Required Signatures Validator
The eSign addon includes a custom workflow Validator that can be leveraged to control workflow. It can be used to require a certain number of signatures in the current status (or total) before a transition to the next status is allowed.
Add the eSign: Signatures Required validator in the desired transition using the Jira workflow editor:
Select the minimum number of signatures required and indicate if current status or any status. Also indicate if the condition should block issues with Pending Signatures.
User is a Signee Validator
This new validator will verify that the user transitioning the issue has already signed the issue in the current workflow state.
Void signatures or signatures from previous states will not pass.
Workflow Post Functions
Create Pending Signatures Post Function
This post function will initialize signatures on an issue and create 1 or more Pending Unassigned signatures. Use this to add clarity on what signatures are required for users.
This will also force the Signatures panel to display on an issue without any user pressing the Signatures quick add button.
Invite Users to Sign Post Function
Add this post-function to any workflow transition to Invite specific users to sign the issue. Configure by Predefined Signees, Group, or reference a User Field that will contain that users to invite.
Example
Finalize Signatures Post Function
Add this post-function to any workflow transition to automatically finalized signatures. This function will also generate the PDF Signature archive if enabled for the project.
Note that the PDF upload will occur after Jira has transitioned the issue to the next status. Because of this it is important that the issue remains editable by the eSign App user in the following transition. If the issue needs to be locked down from user changes, use the jira.permissions.edit.* approach described below.
Reopen Signatures Post Function
This post-function will reopen Signatures previously finalized (either manually or via the auto-finalized post-function).
Administrative Action (Cancel Pending/Void/Reset) Post Function
There is an optional post function that can be enabled in Jira to automatically revise signatures on an issue. The Void/Reset are typically used to in re-open type workflows where signatures need to be re-captured. To enable this, add the eSign: Administrative Action post function to the appropriate transition(s) in the workflow.
Signatures on Read-Only issues
For customers that want to lock down issues while they are in review/being signed, it is possible to customize the Jira workflow to accomplish this. Note that although the jira.issue.editable=false workflow status property will prevent editing of users, it also prevents the eSign app from saving Signatures, comments and attachments.
Instead, to prevent users from editing issues, but still allow the eSign app to accept and store signatures, use one of the following options in jira.permission.edit.* property setting for the workflow status that needs to be limited.
eSign Security: Note that eSign standard security allows signatures for users that have edit access to the project issues. If the users need to be able to Sign issues while they are locked down and read-only, enable the eSign Advanced Security option and grant Execute Signature permission to the user roles/groups that need to sign.
Option #1 - Restricting to atlassian-addons-project-access role
The atlassian-addons-project-access role is a role automatically created by Jira. Every installed App is placed in this role by default. No users are in this role. By limiting edit permission to this role prevents users from modifying the issue but apps (like eSign) still can work with them.
The approach is confirmed to work with Company Managed projects. Team managed projects do not display this role in the Access configuration area, and testing is inconclusive.
In the workflow status properties, add the following property and value:
Property Key | Property Value | Comment |
|---|---|---|
jira.permission.edit.projectrole | 10003 | The value of 10003 is the default value for the role. This can be confirmed in the Jira System Administration > Project Roles by hovering over the atlassian-addons-project-access role |
See Use workflow properties | Atlassian Support and this community posting for more information.
Workflow Properties to Only Allow "Automation for Jira" User Edit Access
Option 2 - Restricting to the eSign for Jira user
When eSign for Jira is installed, Jira adds an “app user” of the same name into the instance. This account is used by eSign to save the signature metadata within the issue.
This approach is confirmed to work for Team Managed projects.
Adding the following property key and value to any workflow states that should be read only to users but still allow eSign to update signature data.
Property Key | Property Value | Comment |
|---|---|---|
jira.permission.edit.user |
| This is the account ID of the eSign for Jira app-user. |
Prevent Signature Changes on Closed Issues,
To sign an issue, the user must have view access to the issue and the issue must be editable (unless the Advanced Security option is enabled) and Signatures are still Open (not Finalized).
Once signatures are Finalized. Only a user with project admin (default security) or the administer signatures permission can reopen/change signatures.
It is possible to control which issue workflow states can allow Signatures via eSign Project Settings.
Post Function Processing - Note that Jira post-functions are processed AFTER the status of an issue is changed. jira.issue.editable=false will prevent eSign from uploading the PDF file if set on the issue state after the transition. Instead use the jira.permission.edit.* property as described above to lock down issues.