User Sync endpoints
The problem
User Sync shows an error like
- Token request failed
- java.net.SocketException: Connection reset
or won't let you authorize the connector in the first place, i.e. with an Azure connector.
The solution
User Sync needs direct access to the API of the Identity provider of the connector.
Below the endpoints to which your Atlassian application server needs internet access to:
Azure AD
Endpoints
URL | Reason |
|---|---|
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/authorize | Request OAuth2 authorization |
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token | Request and refresh access token |
https://graph.microsoft.com/{apiVersion}/users | Fetching information for all users |
https://graph.microsoft.com/{apiVersion}/users/{userid} | Fetching information for a single user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOf | Fetch groups for specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOf | Fetch groups including transitive group memberships for specific users |
Used options for apiVersion are "v1.0" and "beta".
Permissions
Regarding permissions, you need
Directory.Read.All , Type: Application
If you also want to sync user profile pictures, you also need
User.Read.All , Type: Application
Make sure to click Grant admin consent for <your organization> after adding the permissions:
Google Cloud Identity
URL | Reason |
|---|---|
https://accounts.google.com/o/oauth2/v2/auth | Request OAuth2 authorization |
https://www.googleapis.com/oauth2/v4/token | Request and refresh access token |
https://www.googleapis.com/admin/directory/v1/users | Fetching information for all users |
https://www.googleapis.com/admin/directory/v1/users/{userid} | Fetching information for a single user |
https://www.googleapis.com/admin/directory/v1/groups | Fetch groups for specific user |
Keycloak
URL | Reason |
https://{baseUrl}/realms/{realm}/protocol/openid-connect/token | Request and refresh access token |
https://{baseUrl}/admin/realms/{realm}/users | Fetching information for all users |
https://{baseUrl}/admin/realms/{realm}/users/{userid} | Fetching information for a single user |
https://{baseUrl}/admin/realms/{realm}/users/{userid}/groups | Fetch groups for specific user |
Okta
URL | Reason |
|---|---|
https://{oktaDomain}/api/v1/users | Fetching information for all users |
https://{oktaDomain}/api/v1/users/{userid} | Fetching information for a single user |
https://{oktaDomain}/api/v1/users/{userid}/groups | Fetch groups for specific user |