Skip to content

Classic Token Creation

This guide explains how to generate API tokens for your Atlassian environment. SailPoint Entro uses these tokens to authenticate securely with Jira and Confluence - allowing read-only access for scanning issues, pages, and repositories for exposed secrets.


Choosing the Right Method

Use the table below to determine which token generation method applies to your environment.

Environment Where to Create Token Applies To Notes
Atlassian Cloud id.atlassian.com → Security → API Tokens Jira Cloud, Confluence Cloud, Bitbucket Cloud Tokens are managed via your Atlassian Account portal.
Atlassian Server / Data Center Product UI → Profile → Personal Access Tokens Jira Server, Confluence Server Tokens are created locally within each application.

Atlassian Cloud

For Jira Cloud and Confluence Cloud, all API tokens are created and managed centrally at id.atlassian.com.

  1. Log In to Your Atlassian Account

  2. Create a New API Token

    • Click Create API token.

    • Enter a label such as EntroSecurity_Integration.

    • Click Create.

    • Copy the generated token - you will not be able to view it again later.

  3. Store the Token Securely

    • Paste the token into SailPoint Entro’s Integration Settings when connecting Atlassian Cloud.

    • Optionally, store it in a secrets manager (e.g., Akeyless Vault/1Password) for rotation tracking.

    • You may revoke tokens at any time via the Atlassian Security dashboard.

    Note

    Best Practice: Create a dedicated integration user (see Dedicated Atlassian User) and use its credentials to minimize exposure.


Atlassian Server / Data Center

For on-prem or self-hosted environments (e.g. Jira Server, Confluence Server), tokens are created within each product’s native settings.

  1. Log In as the Integration User

    • Open your Jira or Confluence Server web console.

    • Log in with the dedicated SailPoint Entro integration account.

    • Navigate to the user’s Profile.

  2. Create a Personal Access Token (PAT)

    • From your profile page, select Personal Access Tokens.

    • Click Create Token.

    • Name it EntroSecurity_Scanner.

    • Set an expiry period (recommended: at least 7 days).

    • Click Create.

    • Copy and securely store the generated token.

  3. Configure the Token in SailPoint Entro

    In your SailPoint Entro dashboard:

    • Navigate to Management → Accounts & Integrations → Add New Account.

    • Select Atalassian.

    • Enter your base URL and paste the Personal Access Token.

    • Test the connection and click Save.


Permissions Required

Product Required Permissions Description
Jira Browse Projects, View Issues, View Attachments, Add Comments (optional for auto-remediation) Allows SailPoint Entro to scan and annotate Jira content.
Confluence View Pages, View Attachments, View Comments Enables page and comment scanning.

Security & Best Practices

Note

  • Always use read-only tokens for integration.
  • Rotate API tokens periodically (recommended every 90 days).
  • Avoid using personal user tokens; create a dedicated service account instead.
  • If a token is revoked, SailPoint Entro will automatically retry authentication and notify administrators.