Jira Cloud: Automating SharePoint Folder Creation
In recent post, we explored how to automate various tasks like user provisioning, attribute updates, and Microsoft Teams group creation using Jira and Azure Automation. Today, we’ll dive into another common automation scenario: automating the creation of SharePoint folders.
Consider a Sales team that uses Jira to track enterprise customer onboarding. For each new customer, they manually create a SharePoint folder to store essential documents like NDAs. This repetitive task can be streamlined through automation.
By integrating Jira and Azure, we can trigger the creation of SharePoint folders directly from Jira issues. Let’s explore how to set up this automation on both platforms.
Setup Azure Automation Account
If you haven’t already, follow these steps to create a new Azure Automation Account:
- Log in to the Azure Portal.
- Navigate to Automation Accounts:
- Search for “Automation Accounts” in the search bar.
- Click + Create to set up a new Automation Account.
- Provide the required details:
- Subscription: Select your Azure subscription.
- Resource Group: Choose or create a resource group.
- Name: Enter a name for your Automation Account.
- Region: Select your preferred region.
- Click Next
- Under Advanced, choose System Assigned under Managed Identities.
- Networking tab, ensure you have public access enabled for your connectivity configuration.
- Setup your Tags (Always recommended for housekeeping).
- Click Review + Create and then Create.
After your Automation Account has been created, Go to the resource so we can start setting up the modules and permissions.
Create Runbook
To set up your new runbook, navigate to the Process Automation section in your Azure Automation Account. Click the arrow to expand the menu, then select Runbooks.
If you’d like, you can delete the default tutorial runbooks provided. However, these can be useful to review for setup guidance and inspiration.
- Next, click + Create to create a new runbook.
Provide the needed details
- Click Create new.
- Enter a name for your runbook.
- Select PowerShell as the runbook type.
- Choose ‘Select from existing’ for the runtime environment and select PowerShell-7.2 (or the latest release). This will be necessary to use the MS Graph API.
- Add a description for your runbook.
- Optionally, add tags to categorize your runbook.
- Click Review + Create.
- Once validation is complete, click Create.
- Allow 2-3 minutes for the runbook to be created.
Our runbook will need specific PowerShell modules that aren’t installed by default. It’s easy to add them:
- Click the + Add a module button at the top.
- Click ‘Browse from the gallery.’
- Search for ‘Microsoft.Graph.Authentication’ in the module gallery.
- Select the latest version of the module.
- Click
- Choose the latest runtime version for your module.
- Click Import.
It might take about 2-3 minutes to import the Microsoft.Graph.Authentication module. You can check its progress by searching for it in the module gallery. Once it says Available, you’re ready to use it.
We’ll need to add one more module. You can add this while the others are importing. Continue the same steps above to add the last module:
Microsoft.Graph
You should have a similar view:
To enable your runbook to create the SharePoint folder, we need to grant it specific permissions:
- Go to Account Settings, choose Identity.
- You’ll see a system-assigned managed identity is already enabled.
- Click Add role assignment.
- Set the scope to your Azure subscription.
- Assign the Contributor role (or create a custom role with necessary permissions which is recommended).
- Click Save.
- Lastly, Copy the object ID of the managed identity for future reference. You’ll be needing this coming up.
Setup permission for your Object ID
We have one more step: Give our new Managed identity permissions to create users. Ensure you have the Object ID from your Managed Identity from the steps above.
- In a new tab, Go to the Azure portal.
- Choose the Microsoft Entra ID blade
- Expand Manage, choose Enterprise applications.
- On the search bar, search for the Object ID you have copied.
- An application should show up; click on the name.
- Expand the Security area, choose Permissions, and you’ll notice there are no Permissions set for your application.
To successfully create our SharePoint folder, we’ll need to provide this application with two Microsoft Graph permissions:
Sites.ReadWrite.AllFiles.ReadWrite.All
As it stands now, PowerShell is the sole method available for adding these permissions. The easiest way to do this is to open the Cloud Shell at the top of your Azure portal.
Run the following PowerShell Script. Make sure you replace **MYSUPERCOOLOBJECTID** with the Object ID of the application you just searched with.
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes Application.Read.All, AppRoleAssignment.ReadWrite.All, RoleManagement.ReadWrite.Directory
$managedIdentityId = "MYSUPERCOOLOBJECTID"
$roleNames = @("Files.ReadWrite.All", "Sites.ReadWrite.All")
$msgraph = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
foreach ($roleName in $roleNames) {
$role = $Msgraph.AppRoles | Where-Object {$_.Value -eq $roleName}
if ($role) {
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId -PrincipalId $managedIdentityId -ResourceId $msgraph.Id -AppRoleId $role.Id
}
else {
Write-Warning "Role $roleName not found in Microsoft Graph service principal roles."
}
}
Disconnect-MgGraph
The Cloud console will run. This takes about 2-3 minutes max.
Choose A for Yes to All to install all the required Graph modules. This will run for a few minutes.
It will then prompt you to Sign into a web browser and enter a code. Simply copy the URL (or you can click the URL) and type the code into your browser.
- Enter the code to allow access. Click Next.
- The next screen will ask you to sign into your account to verify.
- After you log in, you will need to consent on behalf of your company to give permissions to the Graph Command Line Tools. If you are okay with this, click Accept.
You can now close the tab where you granted admin consent. Return to the tab where your Azure Cloud Shell is running. The permission grant process should be complete, and your cloud shell should be disconnected from Microsoft Graph.
To verify that the permissions have been added successfully:
- Navigate back to the Permissions tab of your enterprise application.
- You should now see the new application permissions listed, with admin consent already granted.
Add PowerShell Script to Runbook
Go back to the runbook that you created. Click the runbook and make sure you’re in the runbooks Overview view.
To edit your runbook:
- Navigate to our runbook in the Azure portal.
- Click ‘+ Edit’ and choose Edit in the portal.
- Expand the Runbooks section on the left and select the correct runbook.
- We’re ready to add our PowerShell script.
param(
[Parameter(Mandatory = $true)]
[string]$SiteId,
[Parameter(Mandatory = $true)]
[string]$DriveId,
[Parameter(Mandatory = $true)]
[string]$FolderName,
[Parameter(Mandatory = $false)]
[string]$ParentFolderPath = "/"
)
# Function to get authentication token using managed identity
function Get-ManagedIdentityToken {
try {
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=https://graph.microsoft.com&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER" = "$env:IDENTITY_HEADER" } -Uri $tokenAuthURI
return $tokenResponse.access_token
}
catch {
Write-Error "Failed to acquire managed identity token: $_"
throw
}
}
# Function to create folder using Microsoft Graph API
function New-SharePointFolder {
param(
[string]$Token,
[string]$SiteId,
[string]$DriveId,
[string]$FolderName,
[string]$ParentFolderPath
)
try {
# Format parent path
$cleanPath = $ParentFolderPath.Trim('/')
# Construct the API URL
$baseUrl = "https://graph.microsoft.com/v1.0/sites/$SiteId/drives/$DriveId"
if ([string]::IsNullOrEmpty($cleanPath)) {
$apiUrl = "$baseUrl/items/root/children"
} else {
$parentPath = $cleanPath -replace "/", "%2F"
$apiUrl = "$baseUrl/items/root:/${parentPath}:/children"
}
Write-Output "Using API URL: $apiUrl"
# Prepare the request body
$body = @{
name = $FolderName
folder = @{}
"@microsoft.graph.conflictBehavior" = "rename"
} | ConvertTo-Json
# Prepare the headers
$headers = @{
'Authorization' = "Bearer $Token"
'Content-Type' = 'application/json'
}
# Make the API call
Write-Output "Sending request to create folder..."
$response = Invoke-RestMethod -Method Post -Uri $apiUrl -Headers $headers -Body $body -Verbose
Write-Output "Folder '$FolderName' created successfully"
return $response
}
catch {
$errorDetails = $_.ErrorDetails
$errorMessage = if ($errorDetails) {
$errorDetails.Message
} elseif ($_.Exception.Response) {
$reader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
$errorContent = $reader.ReadToEnd()
$reader.Dispose()
$errorContent
} else {
$_.Exception.Message
}
Write-Error "Failed to create folder: $errorMessage"
throw
}
}
try {
# Add assembly for URL encoding
Add-Type -AssemblyName System.Web
Write-Output "Starting folder creation process..."
# Get authentication token
Write-Output "Getting managed identity token..."
$token = Get-ManagedIdentityToken
# Create the folder
$result = New-SharePointFolder -Token $token -SiteId $SiteId -DriveId $DriveId -FolderName $FolderName -ParentFolderPath $ParentFolderPath
# Output the result
Write-Output "Folder creation completed"
$result
}
catch {
Write-Error $_.Exception.Message
throw
}
Click Save. Click Publish. If you dont Publish the runbook it will stay in edit mode, Automation will not be able to work with the runbook.
Do you have your SharePoint Site ID and Drive ID?
Test Runbook
Before proceeding, we should test our runbook to ensure it works as expected. After all, if it doesn’t work here, the Jira automation definitely wont work.
- In the runbook editor, navigate to the Test pane.
- Fill in the necessary parameters for the runbook to execute.
- Click the Start button to initiate the test.
- Please allow up to 3-5 minutes for the test to complete.
- Once the test finishes, review the output to verify that it ran successfully and without errors.
Within your SharePoint site, you now see your newly created folder.
Set up Jira Automation
You should have already tested the Azure rubook. Now, let’s setup our Jira or Jira Service Management (JSM) automation to feed and trigger the runbook. Our scenario is pretty standard.
Our Scenario
- Click your Project settings and go to Automation.
- Choose Create Rule.
- Our trigger will be when the Issue is Transitioned; select this option.
- Our criteria are from status: Review to status Update Info.
- Click Next.
Let’s add a condition to make sure the ticket type is correct.
- Add the IF: Add a condition
- Choose Issue fields condition.
- Under Field, we choose the Issue Type.
- Condition, equals
- Value is New Customer
- Click Next.
Let’s add a branch component to work only off the issue that triggered it. Choose FOR EACH: Add a branch, and select the Branch rule / related issues. Choose Current Issue (default) on the next screen and click Next.
- Click the Add to branch under your new Branch. Select the THEN: add an action.
- Search or scroll down to the Start runbook in Azure and choose it.
- Next, we need to Connect our Azure account to our Jira account. Click the Connect This will open a new window.
- Sign in to your MS365 account if you’re not already signed in.
- Review and approve the permissions request on behalf of your organization. Click
- This tab should close out, taking you back to your Jira Automation
- Within Jira Automation, Select your Azure Subscription name
- Select the Resource Group that has your automation account.
- Select the Automation account that holds your runbook.
- Lastly, select the runbook we just set up.
The last thing we need to do is bind the Key-value pairs so the payload we send to Azure has the information to give to our runbook script.
Table below depicts how we’ll be mapping our key-value pairs.
| FolderName | String | {{issue.customfield_10078}} |
| SiteId | String | daveherrell.sharepoint.com |
| DriveId | String | YOURDRIVEIDHERE |
| ParentFolderPath | String | /New Customer Onboarding |
Couple items to note. In this automation, we’re directly fetching the SiteID and DriveID from the Jira issue, rather than hardcoding them into the runbook. This approach offers flexibility and reduces the need for manual updates. You can also choose to do this via variable or even with Azure key vault, the choice is up to you.
For the Folder name, were using the Customer Name, which is a Jira custom field. You will need the custom field ID. If you need help finding it, check out this quick how-to guide I’ve created.
Once you’ve mapped all your key-value pairs, select Next.
Last step, click the Rule Details at the top.
- Name your rule
- Set a description.
- Set the Automation Owner.
- Set the Actor (typically Automation for Jira)
- Select if you want an email if this rule errors out.
- Who can edit the rule?
- Lastly, click Turn on Rule.
Time To Test It!
The last thing to do is test our Jira automation and runbook! We’ll test with the newly created New Customer test Sales ticket with the required Enterprise customer information filled out.
Per our requirements, we’re going to transition the ticket from Review to Create Customer Folder to trigger the automation.
If we go to our Jira Automation rule and click the Audit log, we can see the runbook request was submitted.
Back in the Azure portal, if we open our runbook, we should see our runbook either running or completed already. If you click the Completed Status, you will see our Inputs, Errors, etc.
Lastly, when we go to our SharePoint folder, we should now see the newly created folder.
We’ve successfully integrated Jira and Azure to automate SharePoint folder creation. This streamlined process eliminates manual tasks and ensures consistency in your document management. By leveraging the power of both platforms, you can further customize your automation to include advanced features like setting permissions, applying templates, and more.
I hope you found this helpful!
