Copy of User Sync endpoints
The problem
User Sync shows an error like
- Token request failed
- java.net.SocketException: Connection reset
or won't let you authorize the connector in the first place, i.e. with an Azure connector.
The solution
User Sync needs direct access to the API of the Identity provider of the connector.
Below the endpoints to which your Atlassian application server needs internet access to:
Azure AD
URL | Reason |
|---|---|
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token | Request and refresh access token |
https://graph.microsoft.com/{apiVersion}/users | Fetching information for all users |
https://graph.microsoft.com/{apiVersion}/users/{userid} | Fetching information for a single user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOf | Fetch groups for specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOf | Fetch groups including transitive group memberships for specific users |
https://graph.microsoft.com/{apiVersion}/groups | Fetch all groups (required for processing the groupnames if required groups are configured) |
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/memberOf | Fetch members of a specific group |
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/transitiveMemberOf | Fetch members of a specific group including transitive group memberships |
Used options for apiVersion are "v1.0" and "beta".
G Suite
URL | Reason |
|---|---|
https://accounts.google.com/o/oauth2/v2/auth | Request OAuth2 authorization |
https://www.googleapis.com/oauth2/v4/token | Request and refresh access token |
https://www.googleapis.com/admin/directory/v1/users | Fetching information for all users |
https://www.googleapis.com/admin/directory/v1/users/{userid} | Fetching information for a single user |
https://www.googleapis.com/admin/directory/v1/groups | Fetch groups for specific user |
Okta
URL | Reason |
|---|---|
https://{oktaDomain}/api/v1/users | Fetching information for all users |
https://{oktaDomain}/api/v1/users/{userid} | Fetching information for a single user |
https://{oktaDomain}/api/v1/users/{userid}/groups | Fetch groups for specific user |
https://{oktaDomain}/api/v1/groups | Fetch all groups (required for processing the groupnames if required groups are configured) |
https://{oktaDomain}/api/v1/groups/{groupid}/users | Fetch members of a specific group |
Keycloak
Keycloak is a self hosted Identity Provider, so you should know best yourself.
URL | Reason |
|---|---|
https://{baseUrl}/realms/{realm}/protocol/openid-connect/token | Request and refresh access token |
https://{baseUrl}/admin/realms/{realm}/users | Fetching information for all users |
https://{baseUrl}/admin/realms/{realm}/users/{userid} | Fetching information for a single user |
https://{baseUrl}/admin/realms/{realm}/users/{userid}/groups | Fetch groups for specific user |