Jira Cloud tool connection fails with the following message (X-Seraph-Loginreason=AUTHENTICATED_FAILED) when used in DevOps/Jira spoke - Support and Troubleshooting

Jira Cloud tool connection fails with the following message (X-Seraph-Loginreason=AUTHENTICATED_FAILED) when used in DevOps/Jira spoke Issue .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } When configuring a Jira Cloud tool connection in DevOps Change Velocity or using Jira Spoke with Basic Auth (Open Authorization) credentials, the connection fails even though the credentials appear correct. The Jira Validate flow returns an HTTP 200 status code, but the response header contains an authentication failure indicator, causing ServiceNow to display a credential error.

Symptoms .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } - The following error appears when attempting to connect the Jira Cloud tool in the DevOps Change Velocity workspace: 'Tool authorization credentials are invalid. Enter valid credentials, and try again' - The Jira Validate subflow completes with HTTP status '200', but the response header includes:'X-Seraph-Loginreason: AUTHENTICATED_FAILED'. Below are a few sample response headers returned by JIRA

{Content-Type=application/json;charset=UTF-8, Transfer-Encoding=chunked, Connection=keep-alive, Date=Wed, 18 Mar 2026 15:43:20 GMT, Server=AtlassianEdge, Timing-Allow-Origin=*, X-Arequestid=zz, X-Seraph-Loginreason=AUTHENTICATED_FAILED, Set-Cookie=atlassian.xsrf.token=XXXXX; {Content-Type=application/json;charset=UTF-8, Transfer-Encoding=chunked, Connection=keep-alive, Date=Tue, 07 Apr 2026 18:08:26 GMT, Server=AtlassianEdge, Timing-Allow-Origin=*, X-Arequestid=zz, X-Seraph-Loginreason=AUTHENTICATED_FAILED, Set-Cookie=atlassian.xsrf.token=XXXXX; Path=/; SameSite=None; Secure, Cache-Control=no-cache, no-store, no-transform, Vary=Accept-Encoding, X-Content-Type-Options=nosniff, X-Xss-Protection=1; mode=block, Atl-Traceid=bbd87bf575ce42c7b4fe8a97a5843322, Atl-Request-Id=bbd87bf5-75ce-42c7-b4fe-8a97a5843322, Strict-Transport-Security=max-age=63072000; includeSubDomains; preload, Report-To={"endpoints": [{"url": "https://ddd.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}, Nel={"failure_fraction": 0.01, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}, X-Cache=Miss from cloudfront, Via=1.1 zzzz.cloudfront.net (CloudFront), X-Amz-Cf-Pop=DFW56-P7, X-Amz-Cf-Id=tyhh-4aUL8jJxMQpr1ya5Vs-ksVUeCt6N4w4c4xNGFgnhY0VMuffzQ==, Server-Timing=cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=89,cdn-upstream-fbl;dur=206,atl-edge;dur=85,atl-edge-internal;dur=18,atl-edge-upstream;dur=66,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW56-P7",cdn-rid;desc="tyhh-4aUL8jJxMQpr1ya5Vs-ksVUeCt6N4w4c4xNGFgnhY0VMuffzQ==",cdn-downstream-fbl;dur=211} - No error code is returned in the flow REST step — the failure is visible only in the response header - The following subflows trigger in sequence during the connection attempt: - Create Connection Subflow - DevOps Create Credentials - DevOps Create Child Alias - Jira Validate - Delete conn cred alias subflow - The same credentials fail in Postman with an identical response body and 'X-Seraph-Loginreason: AUTHENTICATED_FAILED' header, confirming the issue originates on the Jira side

Release .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All currently supported releases

Cause .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } 1.When Jira detects multiple failed login attempts or flags an account for suspicious activity, it activates a CAPTCHA challenge or similar security block on the account. Once this block is active, Jira rejects all API-based Basic Auth requests by returning HTTP 200 with the header X-Seraph-Loginreason: AUTHENTICATED_FAILED ; rather than a standard HTTP 401 error. Because ServiceNow evaluates this header to determine connection validity, it interprets the response as a credential failure and displays the error message. The root cause is a security restriction enforced by Jira on the service account, not a misconfiguration within ServiceNow.

2.If the service user account used in the credential connection in ServiceNow is missing in JIRA, then it can result in the above error

Resolution .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } **Note:** The steps below address the Jira-side security block, which is the root cause in this scenario. Complete steps 1–4 first. If the issue persists in ServiceNow after Postman confirms successful authentication, proceed to step 5.

1. Contact your Jira administrator and request a review of the service account being used for the DevOps Change Velocity tool connection.

↳ The Jira administrator should check whether a CAPTCHA challenge or login security block has been applied to the account.

↳ Refer to the following Atlassian documentation on Basic Auth behavior for guidance

2. Ask your Jira administrator to remove any active security blocks or CAPTCHA restrictions on the service account.

3. Confirm the service account has **Jira Administrators** permissions. This permission level is required for the DevOps Change Velocity tool connection to authenticate successfully.

4. Once the Jira administrator confirms the block has been removed, test the same credentials in Postman using a GET request to the Jira REST API endpoint.

Verify that the response body returns a valid JSON payload and that the 'X-Seraph-Loginreason: AUTHENTICATED_FAILED' header is no longer present.

5. If Postman now returns a successful response but the connection still fails in ServiceNow, enable the following system properties to capture detailed logs for further investigation. Set each property to the value shown, then re-attempt the tool connection.

Navigate to **your ServiceNow instance** > **System Properties** ('sys_properties.do') and set the following:

| Property | Value | |---|---| | 'com.glide.hub.flow.approval.logging' | 'DEBUG' | | 'com.glide.hub.flow_engine.log_level' | 'DEBUG' | | 'com.glide.hub.flow_engine.listener_trace.threshold' | 'DEBUG' | | 'com.snc.process_flow.reporting.level' | 'FULL' | | 'sn_devops.devops_log_level' | 'TRACE' | | 'glide.rest.debug' | 'true' |

**Important:** Revert all properties to their original values after testing, as these settings significantly increase log volume.

6. Collect the following for ServiceNow support review: - Screenshots of the Postman request and response (successful) - The outbound HTTP log entry from the 'sys_outbound_http_log' table captured during the failed ServiceNow connection attempt - The flow execution context for the Jira Validate subflow

7. Optionally, activate the **DevOps Change Health Scan Content Pack** application from the ServiceNow Store to run a health check scan of your DCV setup. This scan identifies configuration issues and provides recommendations.

Related Links .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Run health scan check — DevOps Change Velocity HTTP Outbound web service logging properties Flow debugging properties