Working with Google Groups

 

Background

A Google group is effectively a distribution group, where one address is an ‘aggregate’ for the group members. This feature allows a ‘group’ to be notified through one address, which addresses the 500 user limit enforced by Google for mail sent out through a user account.

How a Google group is used within Jira

Outbound notifications using groups

A distribution group address is not a Google account, so it cannot be authenticated and ‘used’ as a JEMHC Outbound; it is just a recipient address.

A group, e.g. ppltestgroup@thepluginpeople.com, can have many recipients, which could be your ‘agents’ or your ‘team’. You would create a User with that email address, and make that user the ‘assignee’ or a ‘request participant’ on issues.

When such a user is notified, Google will expand that recipient address into the members, notifying them individually.

You can track who received outbound notifications using JEMHC > Auditing > Outbound Messages.

Handling replies

After setting up outbound recipients, you’ll see that ‘replies’ are sent ‘to’ the distribution group address. In order to get those replies into Jira, we need to add the Jira mailbox address (Profile catchemail) into the group membership (members can be outside your domain).

Loops

A consequence of adding a JEMHC feeding mailbox address to the group is that every outbound notification sent by JEMHC will also be delivered into the mailbox. In the case of distribution group addresses, JEMHC doesn't send directly to group members; Google does. If these mails were actually processed, they would effectively create a notification loop, which is highly undesirable! We want to exclude such mail specifically to break the loop, and to do so in a way that minimises impact on your JEMHC Capacity Plan.

Blocking the outbound mail should be done in the mailbox through a mailbox Rule. For example, mail sent by Google contains the “Precedence: list” header, which is a great way to exclude all the broadcasts before JEMHC processes them.
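A dry run of that header rule, as an added example (not code from the original page or from JEMHC): it parses sample messages and reports which ones a “Precedence: list” mailbox rule would discard and who sent them, so the rule can be checked against an exported sample before it is enabled. The addresses, Message-IDs, subjects and function names are assumptions made for the illustration.

```python
from email import message_from_bytes
from email.policy import default
from email.utils import parseaddr

def _mail(*headers, body=b"text"):
    # Build a raw RFC 5322 message from header lines (constructed sample data).
    return b"\r\n".join(headers) + b"\r\n\r\n" + body + b"\r\n"

# Constructed samples: two group broadcasts of a notification and one direct reply.
SAMPLES = [
    _mail(b"From: Jira <notifications@example.test>",
          b"To: team-group@example.test",
          b"Message-ID: <echo-1@example.test>",
          b"Precedence: list",
          b"Subject: [ABC-1] Issue updated"),
    _mail(b"From: Agent One <agent1@example.test>",
          b"To: jira-mailbox@example.test",
          b"Message-ID: <direct-1@example.test>",
          b"Subject: Re: [ABC-1] Issue updated"),
    _mail(b"From: notifications@example.test",
          b"To: team-group@example.test",
          b"Message-ID: <echo-2@example.test>",
          b"precedence: LIST ",
          b"Subject: [ABC-2] Issue created"),
]

def precedence_values(msg):
    # Header names are case-insensitive; normalise every Precedence value found.
    return {str(v).strip().lower() for v in msg.get_all("Precedence", [])}

def classify(raw):
    # One report row per message: what the rule would do, and to whose mail.
    msg = message_from_bytes(raw, policy=default)
    return {
        "message_id": str(msg.get("Message-ID", "")).strip(),
        "from": parseaddr(str(msg.get("From", "")))[1].lower(),
        "action": "drop" if "list" in precedence_values(msg) else "process",
    }

def dry_run(raw_messages):
    return [classify(raw) for raw in raw_messages]

def dropped_senders(report):
    # Review this set: every address listed is a sender whose mail the rule discards.
    return {row["from"] for row in report if row["action"] == "drop"}

if __name__ == "__main__":
    for row in dry_run(SAMPLES):
        print(row)
```

Run it over a handful of messages exported from the Jira mailbox and review `dropped_senders` before turning the rule on.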

Inbound security issues

Replies from group members to the group will be sent to all recipients, including the Jira mailbox address. Such mail is sent ‘from’ the email address of the user involved. Depending on the kind of project and the general security setup, the people replying may not already be included on the issue, and so may be excluded on security grounds.

Just turn it off? Think twice!

Just turning off security is not a recommended path; only do this if you understand the security implications. As all senders are expected to be ‘users’, granting those users permissions within your projects seems the safer path. If you have ‘external’ users that aren’t expected to have permissions in the project, I guess we ask why they are in the distribution group.

How to create a Google group

As a Google Workspace domain admin, create a group through Manage this organisation under Gmail settings:


Switch to the Group section:


Create a Group:

Set the Group Details

Next, set the Access Type (note the setting about inclusion of users outside your domain):

 

Save and done:

 

From the main Group list, you can then add users:

 

 

Quick Reference: Using Google groups with JEMHC

Do outbound first, it's less problematic.

Outbound

  1. have a user in Jira with the group address.

  2. add the group user as an issue participant and trigger a notification. If you expect JEMHC to deal with notifications, ensure the notification scheme is cleared in the Jira Project (for Software), or that JSM Notifications are similarly disabled.

  3. If you use a mail gateway, and want replies to go back to a specific mailbox (feeding Jira) then, assuming JEMHC is used for outbound notifications, set a “Reply-To” address in the JEMHC Notification Mapping (if you don’t use JEMHC you are out of luck):

  4. prove outbound notifications go to the group address members

Inbound

  1. have an inbound Mailbox / message source. Configure if not.

  2. have a group with members including the Jira mailbox user.

  3. have ‘outbound’ mail echoes sent to the Jira mailbox user filtered through a mailbox Rule (not within JEMHC) based on (for example) a header value like ‘Precedence: list’; treat them as junk or simply delete them. As this applies to the JEMHC mailbox account, it does not have to be a Google mailbox. The below is from Office365; it can be done very similarly with Google:

    1. office365:

    2. google:

  4. solve security issues about replying to an issue as someone not involved already (more edits to come on this)

 

Details on security for inbound issue update with Google groups

TODO