Note: This documentation applies to the Standard, Plus, and Frontline editions of Gemini Enterprise. For information about the Business edition, see the Gemini Enterprise - Business edition Help Center .

Set up a Jira Data Center data store

This page describes how to create a data store and connect Jira Data Center to Gemini Enterprise.

Before you begin

Before you set up your connection, do the following:

Grant the Discovery Engine Editor role ( roles/discoveryengine.editor ). This role is required for the user to create the data store. To grant this role, do the following:
1. In the Google Cloud console, go to the IAMpage.
  Go to IAM
2. Locate the user account and click the edit Editicon.
3. Grant the Discovery Engine Editor role to the user. For more information, see IAM roles and permissions .
Complete the steps in Set up authentication and obtain client credentials to get the client ID and client secret, and set up permissions.
If your Jira Data Center instance uses a private IP, publish a Private Service Connect producer service for your Jira Data Center instance. For more information about using Private Service Connect to connect Gemini Enterprise to self-hosted data sources, see Introduction to self-hosted data sources .

If you are using the data ingestion connection mode, you must meet these additional requirements:

Verify that you have the Jira System Administrators permission to fetch Access Control List (ACL) information.
If you have set up issue-level security in Jira, install the Permission Accessor for Jira Data Center plugin . This plugin provides REST endpoints to Gemini Enterprise. These endpoints enable Gemini Enterprise to retrieve space permission details, content restrictions, and email addresses of licensed users. This information is then used to ensure that the correct permissions are applied within the Gemini Enterprise search experience.

Create the Jira Data Center data store

To create the Jira Data Center data store, do the following:

In the Google Cloud console, go to the Gemini Enterprise page.

Gemini Enterprise
Select or create a Google Cloud project.

Note: To access the unified flow, your project must be on the allowlist.
In the navigation menu, click Data stores.
Click Create data store.
In the Sourcesection, search for Jira Data Center, and click Select.
In the Datasection:
1. In the Connector modesection, select Data ingestionor Federated search.
2. Click Continue.
3. In the Authentication settingssection, configure authentication based on your chosen connection mode.
  1. Provide the authentication details.
    - For Federated search, provide the following details:
      - Instance URI:The base URL of your Jira Data Center instance, for example, https://jira.yourcompany.com .
        
        Note: Ensure the URL includes the protocol ( https:// ) and does not end with a trailing slash.
      - Client ID:The unique identifier for the OAuth application registered with Jira Data Center.
      - Client secret:The Secret Manager secret that contains the client secret for authenticating requests.
      To obtain these credentials, see Set up authentication and obtain client credentials .
    - For Data ingestion, select one of the following authentication methods: Usernameand Password, Personal access token, or API token, and then enter the required details.
  2. Click Continue.
4. From the Destination typelist, select Publicor Private.
  - If you selected the Publicdestination type, for Domain URL, enter your public URL. This must match the instance URI.
  - If you selected the Privatedestination type, enter the following information:
    1. Service attachment: Enter your Private Service Connect service attachment. To obtain this, you need to publish a Private Service Connect producer service for your Jira Data Center instance.
    2. If the region of your Private Service Connect service attachment is different from the region of your data store, select the Enable PSC Global Accesscheckbox.
    3. For an instance with a Domain URL:
      - Optional: Base domain name: Enter your base domain.
      - Domain URL: Enter your domain URL. This must match the instance URI.
      - Optional: Destination port: Enter your destination port.
    4. For an instance without a Domain URL:
      - Destination port: Enter your destination port.
    Note: Private connectivity is required when connecting to private, on-premises authentication endpoints.
5. Click Continue.
6. Optional: Click Advanced options.
  - If you selected Federated search, do the following:
    1. If you enable the SSL settingscheckbox, select a Trust Modelfrom Private, Public, or Insecure, and then configure the required fields. For more information on trust models, see Trust models .
      - Public: Use this option if your Jira Data Center instance uses certificates issued by a publicly trusted CA.
      - Private: Use this option if your Jira Data Center instance uses certificates signed by a private or internal CA.
      - Insecure: This option bypasses certificate validation. It is not recommended for production environments as it can expose your connection to security risks.
      The following fields are common to all Trust Models:
      - Keystore Client Certificate: The client certificate in PEM format. For example, -----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE----- .
      - Keystore Client Private Key: The private key for the client certificate in PEM format.
      - Keystore Client Private Key Passphrase: The passphrase for the client private key, if applicable.
      The following additional detail is required for the PrivateTrust Model:
      - Private Certificate: The public certificate of the private CA in PEM format.
  - If you selected Data ingestion, do the following:
    1. Select the Enable Static IP Addressescheckbox. After creating the data store, you must allowlist the registered static IPs to ensure sync runs succeed.
    2. In the Max QPSfield, specify the maximum number of queries sent to the Jira Data Center data store per second.
    3. Select the Enable Custom Fieldscheckbox. If enabled, the data store fetches custom fields from the Jira Data Center.
    4. If required, select the Proxy settingsand SSL settingscheckboxes to enable them.
7. Click Continue.
8. In the Entities to search(if you selected Federated search) or Entities to sync(if you selected Data ingestion) section:
  1. Select all the required entities.
  2. If you selected Federated search, proceed to the next step.
  3. If you selected Data ingestion, continue with the following steps:
    1. Optional:To sync specific projects, do the following:
      1. Click Filter.
      2. To filter entities out of the index, select the Exclude from the indexcheckbox, or to ensure that they are included in the index, select the Include in the indexcheckbox.
      3. Enter the keys. Press Enterafter each key.
      4. Click Save.
    2. To configure the sync schedule, do the following:
      1. In the Sync frequencylist, select a sync frequency.
        
        To schedule separate full syncs of entity and identity data, expand the menu in the Full syncsection and then select Custom options.
      2. In the Incremental sync frequencylist, select an incremental sync frequency.
      For more information, see Sync schedules .
Click Continue.
If you selected Federated search, in the Actionssection, from the Select Jira Data Center actions to enablelist, choose the actions to enable for the data store.

Note: If you skip adding actions in this step, you can add them later. For more information, see Add actions .

To manage the list of actions, see Manage actions .
Click Continue.
In the Configurationsection:
1. From the Multi-regionlist, select the location for your data connector.
2. In the Your data connector namefield, enter a name for your connector.
3. If you selected us or eu as the location, configure the Encryption settings:
  - Optional: If you haven't configured single-region keys, click Go to settings pageto do so. For more information, see Register a single-region key for third-party connectors .
  - Select Google-managed encryption keyor Cloud KMS key.
  - If you selected Cloud KMS key:
    - In the Key management typelist, select the appropriate type.
    - In the Cloud KMS keylist, select the key.
  For more information, see Customer-managed encryption keys .
Click Continue.
In the Billingsection, select General pricingor Configurable pricing. For more information, see Verify the billing status of your projects and Licenses .
Click Continue.
Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data storespage.
If you selected the Privatedestination type and configured your Private Service Connect producer service to Accept connections for selected projects(explicit approval), do the following:
1. In the Google Cloud console, search for Private Service Connect and go to the Private Service Connectpage.
2. Click the Published servicestab.
3. Click the name of the Private Service Connect service corresponding to your Jira Data Center data store.
4. In the Connected projectssection, select the checkbox next to the Gemini Enterprise tenant project for the data store, and then click Accept project. The Gemini Enterprise tenant project ID ends in -tp .
The data store status remains as Creatingin the Data Storespage until you click Accept projecton the service details page within Private Service Connect. After you click Accept project, the data store status changes to Active.

To verify the state of the data store, do the following in the Data storespage:

Navigate to the newly created data store in the data store list and monitor its state until it changes to Active.
When the data store state changes from Creatingto Active, the Jira Data Center connector is ready to be used.

After creating the data store:

Create an app .
Connect it to the Jira Data Center data store .
Authorize Gemini Enterprise to Jira Data Center before executing any queries.

For information on permissions required to perform search, see Required permissions .

Data handling and query execution

This section describes how Gemini Enterprise manages your query and the privacy implications of using the federated data store.

Query execution

After you authorize Jira Data Center and send a search query to Gemini Enterprise:

Gemini Enterprise sends your search query directly to the Jira Data Center API.
Gemini Enterprise blends the results with those from other connected data sources and displays a comprehensive search result.

Data handling

When using third-party federated search, the following data handling rules apply:

Your query string is sent to the third-party search backend (Jira Data Center API).
These third parties may associate queries with your identity.
If multiple federated search data sources are enabled, the query might be sent to all of them.
After the data reaches the third-party system, it is governed by that system's terms of service and privacy policies.

What's next

To provide a user interface for querying your Jira Data Center data, create an app and connect it to the Jira Data Center data store .
To manage the list of actions, see View and manage actions .
To preview how your search results appear after your app is set up, see Get search results .
To enable alerts for the data store, see Configure alerts for third-party data stores .