Avion requires you to authenticate with the backlog tool you are using. Once authenticated, Avion will be able to make requests on your behalf. This is the foundation of the integration. We use very secure protocols for authentication.

• Jira Cloud: OAuth 2.0 (plus an API token for one API)

• Jira Data Center: OAuth 1.0a

• Azure DevOps: OAuth 2.0

• Trello: OAuth 1.0

• GitHub & ZenHub: OAuth 2.0

Create a dedicated Avion user

Although it's convenient to be able to authenticate Avion using a personal account, we suggest using a dedicated Avion user for longer-term setups. This is useful for a few reasons:

• Integrations don't break if the authenticated person leaves the company

• You don't need to give individuals elevated permissions

• It isolates Avion activity from personal user activity

• It allows you to disconnect Avion's access very easily (just delete the Avion user)

To do this, get your IT administrator to create an Avion user in your backlog tool. Then, when you set up any integrations, ensure that you are logged in as the Avion user during authentication.

This might make sense to be done by an IT administrator, so credentials don't need to be shared. However, this does add a barrier when you want to integrate new story maps. Your decision will need to weigh up security against usability.