...
The Jira User’s E-Mail address or Username within the E-Mail/Username field.
The API Token that was generated for that Jira User within the API Token field.
...
Allocating the Global BROWSE_USER permission (so JEMHC can lookup users by their email address)
In order for the Workaround user to be able to check if a user exists, they need to be allocated the Browse users and groups Global Permission. This is done within System > Security > Global Permissions, at the bottom of the screen there is a section to Grant Permission, pick the Browse users and groups, and nominate a restricted membership group, that your workaround user will be a member of:
...
Allocating the Global ADMINISTER permission (so JEMHC can create users)
In order for JEMHC to be able to create users, the global ADMINISTER permission is required to be held by the workaround user. Global Permissions are only allocated through groups:
...