User Sync endpoints
The problem
User Sync shows an error such as:
- Token request failed
- java.net.SocketException: Connection reset
or does not let you authorize the connector in the first place, e.g. with an Azure connector.
The solution
User Sync needs direct access to the API of the connector's identity provider.
Below are the endpoints that your Atlassian application server must be able to reach over the internet:
Azure AD
URL | Reason |
---|---|
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/authorize | Request OAuth2 authorization |
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token | Request and refresh access token |
https://graph.microsoft.com/{apiVersion}/users | Fetching information for all users |
https://graph.microsoft.com/{apiVersion}/users/{userid} | Fetching information for a single user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOf | Fetch groups for a specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOf | Fetch groups, including transitive group memberships, for a specific user |
The values used for apiVersion are "v1.0" and "beta".
G Suite
URL | Reason |
---|---|
https://accounts.google.com/o/oauth2/v2/auth | Request OAuth2 authorization |
https://www.googleapis.com/oauth2/v4/token | Request and refresh access token |
https://www.googleapis.com/admin/directory/v1/users | Fetching information for all users |
https://www.googleapis.com/admin/directory/v1/users/{userid} | Fetching information for a single user |
https://www.googleapis.com/admin/directory/v1/groups | Fetch groups for a specific user |
Okta
URL | Reason |
---|---|
https://{oktaDomain}/api/v1/users | Fetching information for all users |
https://{oktaDomain}/api/v1/users/{userid} | Fetching information for a single user |
https://{oktaDomain}/api/v1/users/{userid}/groups | Fetch groups for a specific user |
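
To check the requirement from the application server itself, the following added example (not part of User Sync or its vendor's tooling) derives the hosts to allow outbound from the endpoint tables above and attempts a verified TLS handshake to each one. It assumes Python 3 on the server; the function names are hypothetical, and the probe connects directly, without any proxy settings.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# One URL per distinct host, from this page's tables; function names are this example's own.
ENDPOINTS = {
    "azure": [
        "https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/authorize",
        "https://graph.microsoft.com/{apiVersion}/users",
    ],
    "gsuite": [
        "https://accounts.google.com/o/oauth2/v2/auth",
        "https://www.googleapis.com/admin/directory/v1/users",
    ],
    "okta": ["https://{oktaDomain}/api/v1/users"],
}


def required_hosts(provider, okta_domain=None):
    """Return the sorted (host, port) pairs the firewall must allow outbound."""
    hosts = set()
    for template in ENDPOINTS[provider]:
        if "{oktaDomain}" in template:
            if not okta_domain:
                raise ValueError("okta_domain is required for the Okta connector")
            template = template.replace("{oktaDomain}", okta_domain)
        parts = urlsplit(template)
        hosts.add((parts.hostname, parts.port or 443))
    return sorted(hosts)


def probe(host, port, timeout=5.0):
    """TCP connect plus verified TLS handshake; returns 'ok' or the error text."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:  # covers resets, timeouts, DNS and certificate errors
        return f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Usage: python check_usersync.py azure | gsuite | okta <oktaDomain>
    provider = sys.argv[1]
    domain = sys.argv[2] if len(sys.argv) > 2 else None
    for host, port in required_hosts(provider, domain):
        print(f"{host}:{port} -> {probe(host, port)}")
```

A `ConnectionResetError` or timeout here points at a firewall or filtering device between the server and the identity provider, while a certificate verification error suggests TLS interception on the path.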