Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
User Sync endpoints
The problem
User Sync shows an error like
Token request failed
java.net.SocketException: Connection resetor won't let you authorize the connector in the first place, i.e. with an Azure connector.
The solution
User Sync needs direct access to the API of the Identity provider of the connector.
Below the endpoints to which your Atlassian application server needs internet access to:
Microsoft Entra ID (formerly Azure AD)
| URL | Reason |
|---|---|
| https://login.microsoftonline.com/{directoryTenantId}/oauth2/v2.0/token | Request and refresh access token |
| https://graph.microsoft.com/{apiVersion}/users | Fetching information for all users |
| https://graph.microsoft.com/{apiVersion}/users/{userid} | Fetching information for a single user |
| https://graph.microsoft.com/{apiVersion}/users/{userid}/manager | Fetch assigned mamager of a specific user |
| https://graph.microsoft.com/{apiVersion}/users/{userid}/memberOf | Fetch groups for specific user |
| https://graph.microsoft.com/{apiVersion}/users/{userid}/photos | Fetch profile picture for specific user |
| https://graph.microsoft.com/{apiVersion}/users/{userid}/transitiveMemberOf | Fetch groups including transitive group memberships for specific users |
| https://graph.microsoft.com/{apiVersion}/groups | Fetch all groups (required for processing the groupnames if required groups are configured) |
| https://graph.microsoft.com/{apiVersion}/groups/{groupid}/members | Fetch members of a specific group |
| https://graph.microsoft.com/{apiVersion}/groups/{groupid}/transitiveMembers | Fetch members of a specific group including transitive group memberships |
Used options for apiVersion are "v1.0" and "beta".
G Suite
| URL | Reason |
|---|---|
https://accounts.google.com/o/oauth2/v2/auth | Request OAuth2 authorization |
| https://www.googleapis.com/oauth2/v4/token | Request and refresh access token |
| https://www.googleapis.com/admin/directory/v1/users | Fetching information for all users |
| https://www.googleapis.com/admin/directory/v1/users/{userid} | Fetching information for a single user |
| https://www.googleapis.com/admin/directory/v1/users/{userid}/photos/thumbnail | Fetch profile picture for specific user |
https://www.googleapis.com/admin/directory/v1/groups | Fetch groups for specific user |
Keycloak
| URL | Reason |
| https://{baseUrl}/realms/{realm}/protocol/openid-connect/token | Request and refresh access token |
| https://{baseUrl}/admin/realms/{realm}/users | Fetching information for all users |
| https://{baseUrl}/admin/realms/{realm}/users/{userid} | Fetching information for a single user |
| https://{baseUrl}/admin/realms/{realm}/users/{userid}/groups | Fetch groups for specific user |
| https://{baseUrl}/admin/realms/{realm}/groups | Fetch all groups (required for processing the groupnames if required groups are configured) |
| https://{baseUrl}/admin/realms/{realm}/groups/{groupId}/members | Fetch members of a specific group |
Okta
| URL | Reason |
|---|---|
| https://{oktaDomain}/api/v1/users | Fetching information for all users |
| https://{oktaDomain}/api/v1/users/{userid} | Fetching information for a single user |
| https://{oktaDomain}/api/v1/users/{userid}/groups | Fetch groups for specific user |
| https://{oktaDomain}/api/v1/groups | Fetch all groups (required for processing the groupnames if required groups are configured) |
| https://{oktaDomain}/api/v1/groups/{groupid}/users | Fetch members of a specific group |
OneLogin
| URL | Reason |
|---|---|
| https://{baseUrl}/auth/oauth2/v2/token | Request and refresh access token |
| https://{baseUrl}/api/v1/users | Fetching information for all users |
| https://{baseUrl}/api/v1/users/{userid} | Fetching information for a single user |
| https://{baseUrl}/api/v1/users/{userid}/groups | Fetch groups for specific user |
| https://{baseUrl}/api/v1/groups | Fetch all groups (required for processing the groupnames) |
| https://{baseUrl}/api/v1/roles | Fetch all roles (required for using roles as groupnames) |