User Sync endpoints
The problem
User Sync shows an error like
- Token request failed
- java.net.SocketException: Connection reset
or won't let you authorize the connector in the first place, i.e. with an Entra ID connector.
The solution
User Sync needs direct access to the API of the connector's identity provider.
Below are the endpoints to which your Atlassian application server needs internet access:
Microsoft Entra ID
URL | Reason |
---|---|
https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token | Request and refresh the access token |
https://graph.microsoft.com/{apiVersion}/users | Fetching information for all users |
https://graph.microsoft.com/{apiVersion}/users/{userid} | Fetching information for a single user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/manager | Fetch the assigned manager of a specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOf | Fetch groups for specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/photos | Fetch profile picture for specific user |
https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOf | Fetch groups including transitive group memberships for specific users |
https://graph.microsoft.com/{apiVersion}/groups | Fetch all groups (required for processing the group names if required groups are configured) |
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/members | Fetch members of a specific group |
https://graph.microsoft.com/{apiVersion}/groups/{groupid}/transitiveMembers | Fetch members of a specific group including transitive group memberships |
The values used for apiVersion are "v1.0" and "beta".
Google Cloud Identity
URL | Reason |
---|---|
https://accounts.google.com/o/oauth2/v2/auth | Request OAuth2 authorization |
https://www.googleapis.com/oauth2/v4/token | Request and refresh the access token |
https://www.googleapis.com/admin/directory/v1/users | Fetching information for all users |
https://www.googleapis.com/admin/directory/v1/users/{userid} | Fetching information for a single user |
https://www.googleapis.com/admin/directory/v1/users/{userid}/photos/thumbnail | Fetch profile picture for specific user |
https://www.googleapis.com/admin/directory/v1/groups | Fetch groups for specific user |
Keycloak
URL | Reason |
---|---|
https://{baseUrl}/realms/{realm}/protocol/openid-connect/token | Request and refresh the access token |
https://{baseUrl}/admin/realms/{realm}/users | Fetching information for all users |
https://{baseUrl}/admin/realms/{realm}/users/{userid} | Fetching information for a single user |
https://{baseUrl}/admin/realms/{realm}/users/{userid}/groups | Fetch groups for specific user |
https://{baseUrl}/admin/realms/{realm}/groups | Fetch all groups (required for processing the group names if required groups are configured) |
https://{baseUrl}/admin/realms/{realm}/groups/{groupId}/members | Fetch members of a specific group |
Okta
URL | Reason |
---|---|
https://{oktaDomain}/api/v1/users | Fetching information for all users |
https://{oktaDomain}/api/v1/users/{userid} | Fetching information for a single user |
https://{oktaDomain}/api/v1/users/{userid}/groups | Fetch groups for specific user |
https://{oktaDomain}/api/v1/groups | Fetch all groups (required for processing the group names if required groups are configured) |
https://{oktaDomain}/api/v1/groups/{groupid}/users | Fetch members of a specific group |
OneLogin
URL | Reason |
---|---|
https://{baseUrl}/auth/oauth2/v2/token | Request and refresh the access token |
https://{baseUrl}/api/v1/users | Fetching information for all users |
https://{baseUrl}/api/v1/users/{userid} | Fetching information for a single user |
https://{baseUrl}/api/v1/users/{userid}/groups | Fetch groups for specific user |
https://{baseUrl}/api/v1/groups | Fetch all groups (required for processing the group names) |
https://{baseUrl}/api/v1/roles | Fetch all roles (required for using roles as group names) |
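
To check from the Atlassian application server that the hosts in the tables above are reachable, the following added example (not part of the original page or of User Sync itself) derives the host and port per connector and attempts a TLS handshake with each. The `TEMPLATES` subset, the function names and the sample hosts are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# One URL template per distinct host, copied from the tables on this page.
TEMPLATES = {
    "Microsoft Entra ID": [
        "https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token",
        "https://graph.microsoft.com/{apiVersion}/users",
    ],
    "Google Cloud Identity": [
        "https://accounts.google.com/o/oauth2/v2/auth",
        "https://www.googleapis.com/oauth2/v4/token",
    ],
    "Keycloak": ["https://{baseUrl}/realms/{realm}/protocol/openid-connect/token"],
    "Okta": ["https://{oktaDomain}/api/v1/users"],
    "OneLogin": ["https://{baseUrl}/auth/oauth2/v2/token"],
}

def egress_targets(connector, values=None):
    """Return sorted (host, port) pairs the server must reach for one connector."""
    targets = set()
    for template in TEMPLATES[connector]:
        netloc = urlsplit(template).netloc  # path placeholders do not affect the host
        try:
            netloc = netloc.format(**(values or {}))
        except KeyError as missing:
            raise ValueError(f"{connector}: no value given for {missing}") from None
        parts = urlsplit("https://" + netloc)
        targets.add((parts.hostname, parts.port or 443))
    return sorted(targets)

def probe(host, port, timeout=5.0):
    """TCP connect plus TLS handshake; returns 'ok ...' or the failure class."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                return f"ok ({tls.version()})"
    except ssl.SSLCertVerificationError as exc:  # chain not trusted by this host
        return f"certificate rejected: {exc.verify_message}"
    except OSError as exc:  # reset, refused, timeout, DNS failure
        return f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Constructed sample hosts; replace with your own Keycloak/OneLogin/Okta values.
    sample = {"baseUrl": "sso.example.test:8443", "oktaDomain": "idp.example.test"}
    for name in TEMPLATES:
        for host, port in egress_targets(name, sample):
            print(f"{name:22} {host}:{port} -> {probe(host, port)}")
```

A `ConnectionResetError` from the probe is the same failure class as the `java.net.SocketException: Connection reset` shown above. The probe validates certificates against Python's default trust store, not the JVM truststore the Atlassian application uses.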