Atlassian (Formerly Atlassian Jira Software)

Atlassian (formerly Atlassian Jira Software) is a work management tool for various use cases, from requirements and test case management to agile software development.

This adapter allows you to fetch data and get visibility and security across all Atlassian accounts and products at your company, including the users managed under the following cloud products:

Jira Software
Jira Work Management
Jira Service Management
Confluence
Bitbucket
Trello
Opsgenie

Asset Types Fetched

Users, Roles, Groups, Application Settings, Accounts/Tenants, Application Resources, Permissions, Secrets

Before You Begin

Authentication Methods

The adapter automatically detects which authentication method to use based on the User Name field format:

If the User Name does not contain an @ symbol, the adapter uses OAuth 2.0 authentication.
If the User Name contains an @ symbol, the adapter uses the traditional API Token authentication.

Scopes and API Endpoints Required for Using OAuth 2.0 Authenticatione

Required Regular Scopes

read:jira-work
write:jira-work
read:jira-user
manage:jira-project
manage:jira-configuration
read:confluence-content.all
manage:confluence
offline_access   (for refresh tokens)

Minimal Recommended Granular Scope Set

# Jira Platform
read:user:jira
write:user:jira
read:issue:jira
write:issue:jira
read:project:jira
read:project-role:jira
read:group:jira
read:permission-scheme:jira
read:application-property:jira
manage:jira-configuration

# Jira Assets
read:cmdb-object:jira
write:cmdb-object:jira
read:cmdb-schema:jira

# JSM
read:servicedesk-request:jira

# Confluence
read:audit-log:confluence
read:configuration:confluence
manage:confluence

# Token refresh
offline_access

Jira Platform REST API

Endpoint constant / path	Method	Granular OAuth2 Scope
`api/{version}/users/search`	GET	read:user:jira
`api/3/user (jira_software_create_user)`	POST	write:user:jira
`api/3/user (jira_software_delete_user)`	DELETE	write:user:jira
`api/{version}/search (issue search)`	POST	read:issue:jira
`api/{version}/issue (create issue)`	POST	write:issue:jira
`api/{version}/project/search (GET_PROJECTS_ENDPOINT)`	GET	read:project:jira
`api/{version}/project/{id}/roledetails (PROJECT_ROLES_ENDPOINT)`	GET	read:project-role:jira
`api/{version}/project/{id}/role/{role_id} (PROJECT_SPECIFIC_ROLE_ENDPOINT)`	GET	read:project-role:jira
`api/{version}/group/bulk (GET_GROUPS_ENDPOINT)`	GET	read:group:jira
`api/{version}/group/member (GET_GROUP_MEMBERS_ENDPOINT)`	GET	read:group:jira
`api/{version}/permissionscheme (GET_PERMISSIONS_SCHEME_ENDPOINT)`	GET	read:permission-scheme:jira
`api/3/application-properties (APP_PROPERTIES_ENDPOINT)`	GET	read:application-property:jira

Jira Assets / CMDB (Insight)

Endpoint	Method	Granular OAuth2 Scope
`rest/insight/{ver}/iql/objects`	GET	read:cmdb-object:jira
`rest/assets/{ver}/aql/objects`	GET	read:cmdb-object:jira
`rest/assets/{ver}/object/aql`	GET / POST	read:cmdb-object:jira
`rest/assets/{ver}/objecttype/{id}/attributes`	GET	read:cmdb-schema:jira
`rest/assets/{ver}/object/create`	POST	write:cmdb-object:jira

Jira Service Management

Endpoint	Method	Granular OAuth2 Scope
`rest/servicedeskapi/{type}/workspace`	GET	read:servicedesk-request:jira

Admin / Plugin / Mail Settings

Endpoint constant	Method	Granular OAuth2 Scope
`MAIL_SETTINGS_ENDPOINT → jira-email-processor-plugin/1.0/mail/global/settings`	GET	manage:jira-configuration ⚠️ admin-only
`GLOBAL_UPM_SETTINGS_ENDPOINT → rest/plugins/1.0/settings`	GET	manage:jira-configuration ⚠️ admin-only

Confluence

Endpoint constant	Method	Granular OAuth2 Scope
`CONFLUENCE_UPM_SETTINGS_ENDPOINT → wiki/rest/plugins/1.0/settings`	GET	manage:confluence ⚠️ admin-only
`CONFLUENCE_AUDIT_SETTINGS_ENDPOINT → wiki/rest/api/audit/retention`	GET	read:audit-log:confluence
`CONFLUENCE_GRAPHQL_ENDPOINT → cgraphql (site permissions GraphQL)`	POST	read:configuration:confluence

Atlassian Admin API (`api.atlassian.com`)

These are called via _paginated_admin_api_by_cursor with a separate Authorization: Bearer {admin_api_key} header — not covered by Jira OAuth2 scopes. They require an Atlassian Organization Admin API key.

Constant	URL	Required
ATLASSIAN_ORG_API	`https://api.atlassian.com/admin/v1/orgs`	Org Admin API key
ATLASSIAN_ORG_API_USERS	`https://api.atlassian.com/admin/v1/orgs/{org_id}/users`	Org Admin API key
ATLASSIAN_API_TOKENS	`https://api.atlassian.com/admin/api-access/v1/orgs/{org_id}/api-tokens`	Org Admin API key

APIs

Axonius uses the Jira Cloud platform REST API.

Related Enforcement Actions

Version Matrix

This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.

Version	Supported	Notes
V3	Yes	--