The problem

User Sync shows an error like 

Token request failed 
java.net.SocketException: Connection reset
BASH

or won't let you authorize the connector in the first place, i.e. with an Azure connector.

The solution

User Sync needs direct access to the API of the Identity provider of the connector.
Below the endpoints to which your Atlassian application server needs internet access to:

Microsoft Entra ID (formerly Azure AD)

URLReason
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/tokenRequest and refresh access token
https://graph.microsoft.com/{apiVersion}/usersFetching information for all users
https://graph.microsoft.com/{apiVersion}/users/{userid}Fetching information for a single user
https://graph.microsoft.com/{apiVersion}/users/{userid}/managerFetch assigned mamager of a specific user
https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOfFetch groups for specific user
https://graph.microsoft.com/{apiVersion}/users/{userid}/photosFetch profile picture for specific user
https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOfFetch groups including transitive group memberships for specific users
https://graph.microsoft.com/{apiVersion}/groupsFetch all groups (required for processing the groupnames if required groups are configured)
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/membersFetch members of a specific group
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/transitiveMembersFetch members of a specific group including transitive group memberships

Used options for apiVersion are "v1.0" and "beta".

G Suite

URLReason

https://accounts.google.com/o/oauth2/v2/auth

Request OAuth2 authorization
https://www.googleapis.com/oauth2/v4/tokenRequest and refresh access token
https://www.googleapis.com/admin/directory/v1/usersFetching information for all users
https://www.googleapis.com/admin/directory/v1/users/{userid}Fetching information for a single user
https://www.googleapis.com/admin/directory/v1/users/{userid}/photos/thumbnailFetch profile picture for specific user

https://www.googleapis.com/admin/directory/v1/groups

Fetch groups for specific user

Keycloak

URLReason
https://{baseUrl}/realms/{realm}/protocol/openid-connect/tokenRequest and refresh access token
https://{baseUrl}/admin/realms/{realm}/usersFetching information for all users
https://{baseUrl}/admin/realms/{realm}/users/{userid}Fetching information for a single user
https://{baseUrl}/admin/realms/{realm}/users/{userid}/groupsFetch groups for specific user
https://{baseUrl}/admin/realms/{realm}/groupsFetch all groups (required for processing the groupnames if required groups are configured)
https://{baseUrl}/admin/realms/{realm}/groups/{groupId}/membersFetch members of a specific group

Okta

URLReason
https://{oktaDomain}/api/v1/usersFetching information for all users
https://{oktaDomain}/api/v1/users/{userid}Fetching information for a single user
https://{oktaDomain}/api/v1/users/{userid}/groupsFetch groups for specific user
https://{oktaDomain}/api/v1/groupsFetch all groups (required for processing the groupnames if required groups are configured)
https://{oktaDomain}/api/v1/groups/{groupid}/usersFetch members of a specific group

OneLogin

URLReason
https://{baseUrl}/auth/oauth2/v2/tokenRequest and refresh access token
https://{baseUrl}/api/v1/usersFetching information for all users
https://{baseUrl}/api/v1/users/{userid}Fetching information for a single user
https://{baseUrl}/api/v1/users/{userid}/groupsFetch groups for specific user
https://{baseUrl}/api/v1/groupsFetch all groups (required for processing the groupnames)
https://{baseUrl}/api/v1/rolesFetch all roles (required for using roles as groupnames)