Atlassian Cloud

Configuring the Veza integration for Atlassian Cloud Admin, Jira Cloud, and Confluence Cloud.

Overview

This integration enables a connection between Veza and an Atlassian Cloud tenant to discover the following services:

  • Atlassian Cloud Admin

  • Jira Cloud

  • Confluence Cloud

The integration includes cross-service connections to show relationships between IdP identities, Cloud Admin users and groups, and the local Confluence or Jira accounts those users can assume. It deprecates the original OAA connectors for Jira and Confluence.

Configuring Atlassian Cloud

Two sets of credentials are required to enable the integration:

Create a User for the Integration

We recommend creating a unique user for the integration. The integration user should have read-only permissions on all projects to discover, so that it can enumerate projects and related permissions.

  1. Log in to the Admin portal at admin.atlassian.com.

  2. Open the Users List and click Invite Users.

  3. Enter an email address for the invitation.

  4. Grant the user access to the products the integration should discover.

The user status will change to active once you have accepted the invitation and accessed an Atlassian product.

See Create, Edit, and Delete Users for additional guidance.

Retrieve an Admin API Key

Veza connects to the Cloud Admin APIs to collect information about groups and users.

  1. Log in to admin.atlassian.com.

  2. Go to Settings > API Keys.

  3. Choose Create API key.

  4. Enter an identifying name for the API key.

  5. By default, keys expire in one week. To change the expiration date, pick a new Expires on date.

  6. Select Create to save the API key. Copy the Organization ID and API key values for configuring the integration on Veza.

  7. Click Done. The key will appear in the list of API keys.

Retrieve Product API Key for a User

Atlassian product APIs enable access to individual services such as Jira or Confluence.

  1. As the integration user, log in to https://id.atlassian.com/manage-profile/security/api-tokens.

  2. Click Create API Token.

  3. Enter a label for the token and click Create.

  4. Copy the token, which will only appear once.

Configuring Atlassian Cloud on the Veza Platform

To enable the integration:

  1. In Veza, go to Integrations and choose Add Integration.

  2. Pick Atlassian Cloud as the integration to add and click Next.

  3. Enter the required information and Save the configuration.

| Field | Notes |
| --- | --- |
| Insight Point | Choose whether to use the default data plane or a deployed Insight Point. |
| Name | A friendly name to identify the unique integration. |
| Atlassian Url | Host URL, e.g. veza.atlassian.net. |
| Admin API Key | Admin token from the previous steps. |
| Products | Comma-separated list of products to discover (jira, confluence). |
| Product User | Integration username, e.g. integration@veza.com. |
| Product Token | User API token from the previous steps. |

If you do not enter an admin API key, Veza can still extract data from Jira & Confluence. It will not, however, be able to correlate Jira & Confluence users with users from identity providers.
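A pre-flight check for the field values above, as an added example that is not Veza's or Atlassian's own code: it validates the values, flags the missing-admin-key case described above, and builds one read-only request per credential so each can be tested before it is saved. The function names, the REST paths and the restriction to a default *.atlassian.net host are assumptions not taken from this page.

```python
import base64
import re
import urllib.error
import urllib.request

KNOWN_PRODUCTS = {"jira", "confluence"}  # values the Products field accepts
# Assumption: Atlassian's public "current user" REST paths, not from the page.
PROBE_PATHS = {"jira": "/rest/api/3/myself",
               "confluence": "/wiki/rest/api/user/current"}

def check_settings(url, products, user, token, admin_key="", org_id=""):
    """Validate the field values; return (host, product list, warnings)."""
    host = re.sub(r"^https?://", "", url.strip().lower()).rstrip("/")
    # Assumption: default *.atlassian.net site, so tokens only go to Atlassian.
    if not re.fullmatch(r"[a-z0-9-]+\.atlassian\.net", host):
        raise ValueError(f"unexpected Atlassian host: {host!r}")
    wanted = [p.strip().lower() for p in products.split(",") if p.strip()]
    unknown = sorted(set(wanted) - KNOWN_PRODUCTS)
    if not wanted or unknown:
        raise ValueError(f"Products must be jira and/or confluence: {unknown}")
    if not user or not token:
        raise ValueError("Product User and Product Token are both required")
    warnings = []
    if not admin_key:
        warnings.append("no Admin API Key: product users will not be "
                        "correlated with identity provider users")
    elif not org_id:
        warnings.append("Admin API Key given without its Organization ID")
    return host, wanted, warnings

def build_probes(host, wanted, user, token, admin_key="", org_id=""):
    """Build one read-only GET per credential, without sending anything."""
    basic = base64.b64encode(f"{user}:{token}".encode()).decode()
    probes = {p: urllib.request.Request(
                  f"https://{host}{PROBE_PATHS[p]}",
                  headers={"Authorization": f"Basic {basic}"})
              for p in wanted}
    if admin_key and org_id:
        probes["admin"] = urllib.request.Request(
            f"https://api.atlassian.com/admin/v1/orgs/{org_id}/users",
            headers={"Authorization": f"Bearer {admin_key}"})
    return probes

def send(request):
    """Send a probe and return the HTTP status (200 means accepted)."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Calling `send()` on each probe returns 200 when the credential is accepted and 401 when it is rejected.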

Notes and Supported Entities

Atlassian Cloud Admin

  • Atlassian Cloud Tenant

    • tenant_unique_id

  • Atlassian Cloud User

    • account_type

    • account_status

    • access_billable

    • product_access

    • user_type

Confluence Cloud

  • Confluence User

    • account_type

    • email

    • external_collaborator

  • Confluence Space

    • type

    • status

    • id

    • unlicensed_access

    • anonymous_access

Jira Cloud

  • Jira Group

  • Jira Instance

  • Jira Project

  • Jira Project Role (shown in Veza as <project name> - <role name>)

  • Jira User

Because roles are defined on a per-project basis (and role names may be duplicated across a Jira Cloud instance), project roles are translated as <project name> - <role name>.

Limitations

  • Atlassian and Jira support adding groups to groups to reduce duplication of entitlements but do not return the details on group assignments within groups via their public API. The integration will discover all users that are members of a group directly or indirectly but will not know if the user is directly assigned or inherited through a group membership.

  • Atlassian Cloud Admin is not able to discover external (unmanaged) users. External users have emails belonging to a domain outside of your organization, but are added manually to your Atlassian organization.
