Accessing an on-premises Atlassian Jira server via Luminate Secure Access Cloud (TM) instead of exposing it to the internet or requiring Remote Access VPN is a very natural secure and scale-able solution. In addition to eliminating network-level exposure of one's datacenter networks, it also provides end-users with a SaaS-like experience of accessing on-premises resources.

Zendesk, a Software-as-a-Service solution for Support (and other) Ticketing, provides an integration with on-premises Jira servers, but, unfortunately it doesn't support situation where Jira servers are not exposed to the internet. In Zendesk-Jira integration configuration guide (section regarding Jira Server specific considerations), Zendesk team explicitly requires open ports for accessing the Jira server to a list of IP Networks. FYI, Luminate Team has submitted a feature request for Zendesk to support industry-leading OAuth2/OpenID Connect authentication and we are waiting for a response from Zendesk with implementation timeline.

Currently, in order to allow this integration, while maintaining secure access to your Jira server for your users, we suggest the following configuration:

In the diagram above, we are assuming that the access for the organizational users to a Jira server is configured using a Custom Domain option (jira.mycompany.com). This is not a mandatory solution and using a Luminate-based subdomain (jira.mycompany.luminatesec.com) is also possible.

The important thing is to have a separate DNS, such as jiraforzendesk.mycompany.com, for open ports to the Jira server. The users will never be able to access  the Jira server via this address, only Zendesk integration will be able to do so from Zendesk public IPs.