AI Clearance Security Policy
AI Clearance is an Atlassian Forge app for governing AI tool access in Jira and Jira Service Management. This policy describes the app-specific security controls for Forge-hosted workflows and optional connector-backed provisioning.
1. Scope
This Security Policy applies to AI Clearance, including its Jira admin pages, Jira app pages, Jira Service Management request surfaces, scheduled jobs, Forge functions, storage entities, and optional Okta or Microsoft Entra connector-backed provisioning.
This page supplements the broader ArdSaor Security Policy. If a customer does not enable connector-backed provisioning, AI Clearance operates as a Forge-hosted governance and evidence workflow without provider-side account changes.
2. Hosting and runtime architecture
- Default runtime: AI Clearance app logic runs on Atlassian Forge using Forge functions, Custom UI surfaces, scheduled triggers, and Forge storage.
- Connectorless operation: AI Clearance records requests, approval decisions, grants, lifecycle state, and audit evidence without changing accounts in external AI providers or identity providers.
- Connector-backed operation: When an administrator configures an Okta or Microsoft Entra connector, Forge functions send signed backend requests to ArdSaor Core for downstream group-membership actions.
- Browser isolation: Provider credentials, ArdSaor Core shared secrets, and identity-provider tokens are not exposed to Custom UI browser code.
3. Connector security model
- A Jira administrator creates an Okta or Microsoft Entra connector.
- A Jira administrator maps Atlassian users to provider identities where connector jobs require an external identity.
- A Jira administrator creates or binds one provider entitlement group per connected catalog tool.
- The customer administrator assigns that provider group to the target app, role, license, or resource in Okta or Entra.
- After approval, AI Clearance queues a provisioning, deprovisioning, or check job.
- Forge resolves the configured connector and sends a signed backend request to ArdSaor Core.
- ArdSaor Core calls the configured identity provider and returns a structured result to AI Clearance.
- AI Clearance stores job, grant, and audit state in Forge storage.
4. Secrets and credential handling
- Connector configuration secrets are stored using Forge secret storage or approved backend secret storage.
- Admin-managed external identity mappings are stored as secret-backed values where the app needs the provider identity for connector execution.
- Logs must not include API tokens, bearer tokens, client secrets, full connector configurations, or full identity-provider credentials.
- A job whose subject has no identity mapping is placed in a manual follow-up state rather than silently activating provider access.
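Two of the controls in this section are mechanical enough to show in code: a connector job must fail closed into manual follow-up when the identity mapping is missing, and anything written to a log must not carry tokens or full connector configurations. The block below is an added example, not AI Clearance's own code; the job fields, status names, secret key names and the sample connector record are assumptions made for illustration. It also treats a tool with no bound entitlement group as a manual follow-up case, which follows from the one-group-per-tool setup described in section 3.

```javascript
// Added example: fail-closed connector job creation plus log redaction.
// Job shape, status values and key names are assumptions, not the app's schema.
const SECRET_KEYS = new Set(["apiToken", "clientSecret", "bearerToken", "password", "privateKey"]);
const BEARER_RE = /\b[Bb]earer\s+[A-Za-z0-9\-._~+/]+=*/g;

// Return a copy of a value that is safe to log: secret-bearing keys are masked
// at any depth and bearer tokens embedded in free text are masked as well.
function redactForLog(value, key = "") {
  if (SECRET_KEYS.has(key)) return "[REDACTED]";
  if (Array.isArray(value)) return value.map((v) => redactForLog(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactForLog(v, k)]));
  }
  if (typeof value === "string") return value.replace(BEARER_RE, "Bearer [REDACTED]");
  return value;
}

// Build the provisioning job for an approved request. Anything that would
// require guessing (no mapping, no bound group) becomes manual follow-up; a
// disabled connector blocks new automated actions outright.
function buildProvisioningJob(approval, identityMappings, connector) {
  const base = { requestId: approval.requestId, tool: approval.tool, connector: connector.id, action: "provision" };
  if (!connector.enabled) return { ...base, status: "blocked", reason: "connector_disabled" };
  const externalId = identityMappings.get(approval.atlassianAccountId);
  if (!externalId) return { ...base, status: "manual_follow_up", reason: "missing_identity_mapping" };
  const group = connector.groupsByTool[approval.tool];
  if (!group) return { ...base, status: "manual_follow_up", reason: "no_bound_group" };
  return { ...base, status: "queued", subject: externalId, group };
}

// Constructed walkthrough with made-up identifiers; the apiToken is not real.
function demoJobHandling() {
  const connector = {
    id: "okta-prod", type: "okta", enabled: true,
    baseUrl: "https://example.okta.com",
    apiToken: "00constructed-token-value",
    groupsByTool: { "ai-assistant": "00g-constructed-group" },
  };
  const mappings = new Map([["atl-user-1", "00u-constructed-okta-id"]]);
  const approved = (requestId, user, tool) => ({ requestId, atlassianAccountId: user, tool });
  return {
    queued: buildProvisioningJob(approved("REQ-1", "atl-user-1", "ai-assistant"), mappings, connector),
    unmapped: buildProvisioningJob(approved("REQ-2", "atl-user-2", "ai-assistant"), mappings, connector),
    unbound: buildProvisioningJob(approved("REQ-3", "atl-user-1", "other-tool"), mappings, connector),
    disabled: buildProvisioningJob(approved("REQ-4", "atl-user-1", "ai-assistant"), mappings, { ...connector, enabled: false }),
    logView: redactForLog({ connector, note: "retry after 401 with Authorization: Bearer abc.def-ghi" }),
  };
}

module.exports = { redactForLog, buildProvisioningJob, demoJobHandling };
```

The redactor works on a denylist of keys plus a token pattern, which is the usual shape for this control; the caveat a practitioner should carry is that a denylist only masks what it knows about, so the safer habit for connector records is to log an explicit allowlist of fields (id, type, enabled) and never the object itself.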
5. Access controls
- Only authorized Jira administrators configure intake, governance policies, connectors, identity mappings, and connected tool group setup.
- Requesters do not provide provider credentials or provider identities during normal request submission.
- Administrators can disable a connector to stop new automated provider actions while preserving connectorless governance workflows.
- Sensitive administrative actions, including bulk approvals, exports, and audit verification, are rate-limited.
6. Audit and operational controls
- AI Clearance records request, approval, grant, connector, policy, and exception events in an audit trail.
- Audit entries include integrity fields used by verification tooling.
- Provisioning jobs record structured status and retry state so administrators can inspect and follow up on failed connector actions.
- Connector-backed provisioning depends on ArdSaor Core and the configured identity provider only for the downstream connector actions themselves; connectorless governance workflows remain available without provider automation.
7. Supported connector boundaries
- AI Clearance supports Okta group membership and Microsoft Entra group membership for connector-backed provisioning.
- AI Clearance does not support arbitrary webhook connectors.
- AI Clearance does not automatically assign Okta or Entra apps, roles, licenses, or resources to groups.
- AI Clearance does not grant generic AI-vendor or API-platform accounts unless the customer’s configured identity-provider group controls that entitlement.
8. Security reporting
Security issues can be reported through the contact process in the ArdSaor Security Policy. Include a clear description, affected app surface, steps to reproduce, and any relevant request or connector context without sharing secrets.