From Jira/JSM 8.16 onwards we are providing the ability to disable basic authentication as a means of authenticating when requesting access to API resources.
Basic authentication is not a secure means of authentication. Our SSO implementation currently allows users to authenticate using basic authentication. However, this new configuration will allow administrators to disable such access.
Moving forward it is recommended that all pre-existing integrations that use basic authentication should be updated to use personal access tokens (PATs) instead (see using personal access tokens).
However, we are aware that it may not always be possible to update an existing integration to use PATs. To accommodate this you can add the integration to an allowlist which will permit it to continue using basic authentication.
If you have any feedback regarding this change, please feel free to reach out.
The Jira Server Team