Classic Token Creation
This guide explains how to generate API tokens for your Atlassian environment. SailPoint Entro uses these tokens to authenticate securely with Jira and Confluence - allowing read-only access for scanning issues, pages, and repositories for exposed secrets.
Choosing the Right Method
Use the table below to determine which token generation method applies to your environment.
| Environment | Where to Create Token | Applies To | Notes |
|---|---|---|---|
| Atlassian Cloud | id.atlassian.com → Security → API Tokens | Jira Cloud, Confluence Cloud, Bitbucket Cloud | Tokens are managed via your Atlassian Account portal. |
| Atlassian Server / Data Center | Product UI → Profile → Personal Access Tokens | Jira Server, Confluence Server | Tokens are created locally within each application. |
Atlassian Cloud
For Jira Cloud and Confluence Cloud, all API tokens are created and managed centrally at id.atlassian.com.
-
Log In to Your Atlassian Account
-
Navigate to id.atlassian.com/manage-profile/security/api-tokens.
-
Sign in with the Atlassian account used by SailPoint Entro’s integration user.
-
-
Create a New API Token
-
Click Create API token.
-
Enter a label such as EntroSecurity_Integration.
-
Click Create.
-
Copy the generated token - you will not be able to view it again later.
-
-
Store the Token Securely
-
Paste the token into SailPoint Entro’s Integration Settings when connecting Atlassian Cloud.
-
Optionally, store it in a secrets manager (e.g., Akeyless Vault/1Password) for rotation tracking.
-
You may revoke tokens at any time via the Atlassian Security dashboard.
Note
Best Practice: Create a dedicated integration user (see Dedicated Atlassian User) and use its credentials to minimize exposure.
-
Atlassian Server / Data Center
For on-prem or self-hosted environments (e.g. Jira Server, Confluence Server), tokens are created within each product’s native settings.
-
Log In as the Integration User
-
Open your Jira or Confluence Server web console.
-
Log in with the dedicated SailPoint Entro integration account.
-
Navigate to the user’s Profile.
-
-
Create a Personal Access Token (PAT)
-
From your profile page, select Personal Access Tokens.
-
Click Create Token.
-
Name it EntroSecurity_Scanner.
-
Set an expiry period (recommended: at least 7 days).
-
Click Create.
-
Copy and securely store the generated token.
-
-
Configure the Token in SailPoint Entro
In your SailPoint Entro dashboard:
-
Navigate to Management → Accounts & Integrations → Add New Account.
-
Select Atalassian.
-
Enter your base URL and paste the Personal Access Token.
-
Test the connection and click Save.
-
Permissions Required
| Product | Required Permissions | Description |
|---|---|---|
| Jira | Browse Projects, View Issues, View Attachments, Add Comments (optional for auto-remediation) |
Allows SailPoint Entro to scan and annotate Jira content. |
| Confluence | View Pages, View Attachments, View Comments |
Enables page and comment scanning. |
Security & Best Practices
Note
- Always use read-only tokens for integration.
- Rotate API tokens periodically (recommended every 90 days).
- Avoid using personal user tokens; create a dedicated service account instead.
- If a token is revoked, SailPoint Entro will automatically retry authentication and notify administrators.