Buyer question
How to manage AI tool access requests in Jira Service Management
The native JSM way is to create an AI tool access request type, add approval steps, capture the tool, purpose, requester, and duration, and use automation or Assets for catalog and expiry follow-up.
Use AI Clearance when that request workflow also has to produce audit-ready lifecycle evidence after approval: grants, expiry, recertification reviews, duplicate blocking, and Okta/Entra configured-group drift checks.
Last updated: 2026-06-10
Practical answer
The native JSM way is to create an AI tool access request type, add approval steps, capture the tool, purpose, requester, and duration, and use automation or Assets for catalog and expiry follow-up. Use AI Clearance when that request workflow also has to produce audit-ready lifecycle evidence after approval: grants, expiry, recertification reviews, duplicate blocking, and Okta/Entra configured-group drift checks.
| Step | Native JSM approach | AI Clearance approach |
|---|---|---|
| Catalog | Use Assets or custom fields to list approved AI tools. | Use the built-in approved AI tool catalog with risk and expiry defaults. |
| Request | Create a JSM request type and collect tool, purpose, and duration. | Use the JSM portal create panel and preserve the AI Clearance snapshot. |
| Approval | Add an approval step to the workflow. | Keep approver, decision source, policy context, and grant state in the lifecycle record. |
| Expiry | Use date fields, scheduled automation, or recurring work items. | Track grant expiry and review-before-expiry state as product concepts. |
| Reconciliation | Manually compare tickets with Okta/Entra groups or build custom integration. | Run configured-group drift checks when connected mode is configured. |
Honest limitations
Native JSM can be enough for simple intake. It becomes brittle when teams need repeatable evidence packs, recertification history, duplicate-grant controls, and IdP reconciliation.
Related next step
Review AI Clearance for AI access lifecycle evidence, or start with AI Clearance vs native JSM if you are deciding whether to build this yourself.
FAQ
Should intake live in JSM?
Usually yes if employees already use JSM for internal access requests.
Do employees need a Jira license to approve?
Atlassian documents that approvers do not need a JSM license as long as they are customers of the service space.
Does AI Clearance monitor AI prompts?
No. It governs access decisions and evidence, not runtime AI usage or prompts.