The problem

User Sync shows an error like 

Token request failed Connection reset

or won't let you authorize the connector in the first place, i.e. with an Azure connector.

The solution

User Sync needs direct access to the API of the Identity provider of the connector.
Below the endpoints to which your Atlassian application server needs internet access to:

Microsoft Entra ID (formerly Azure AD)

URLReason{directoryTenantId}/oauth2/v2.0/tokenRequest and refresh access token{apiVersion}/usersFetching information for all users{apiVersion}/users/{userid}Fetching information for a single user{apiVersion}/users/{userid}/managerFetch assigned mamager of a specific user{apiVersion}/users/{userid}/memberOfFetch groups for specific user{apiVersion}/users/{userid}/photosFetch profile picture for specific user{apiVersion}/users/{userid}/transitiveMemberOfFetch groups including transitive group memberships for specific users{apiVersion}/groupsFetch all groups (required for processing the groupnames if required groups are configured){apiVersion}/groups/{groupid}/membersFetch members of a specific group{apiVersion}/groups/{groupid}/transitiveMembersFetch members of a specific group including transitive group memberships

Used options for apiVersion are "v1.0" and "beta".

G Suite


Request OAuth2 authorization and refresh access token information for all users{userid}Fetching information for a single user{userid}/photos/thumbnailFetch profile picture for specific user

Fetch groups for specific user


https://{baseUrl}/realms/{realm}/protocol/openid-connect/tokenRequest and refresh access token
https://{baseUrl}/admin/realms/{realm}/usersFetching information for all users
https://{baseUrl}/admin/realms/{realm}/users/{userid}Fetching information for a single user
https://{baseUrl}/admin/realms/{realm}/users/{userid}/groupsFetch groups for specific user
https://{baseUrl}/admin/realms/{realm}/groupsFetch all groups (required for processing the groupnames if required groups are configured)
https://{baseUrl}/admin/realms/{realm}/groups/{groupId}/membersFetch members of a specific group


https://{oktaDomain}/api/v1/usersFetching information for all users
https://{oktaDomain}/api/v1/users/{userid}Fetching information for a single user
https://{oktaDomain}/api/v1/users/{userid}/groupsFetch groups for specific user
https://{oktaDomain}/api/v1/groupsFetch all groups (required for processing the groupnames if required groups are configured)
https://{oktaDomain}/api/v1/groups/{groupid}/usersFetch members of a specific group


https://{baseUrl}/auth/oauth2/v2/tokenRequest and refresh access token
https://{baseUrl}/api/v1/usersFetching information for all users
https://{baseUrl}/api/v1/users/{userid}Fetching information for a single user
https://{baseUrl}/api/v1/users/{userid}/groupsFetch groups for specific user
https://{baseUrl}/api/v1/groupsFetch all groups (required for processing the groupnames)
https://{baseUrl}/api/v1/rolesFetch all roles (required for using roles as groupnames)