Dedicated Atlassian User Creation
This guide explains how to create a dedicated service user in your Atlassian environment for use with SailPoint Entro. Using a separate integration account helps enforce the principle of least privilege, improves auditability, and prevents cross-contamination between production and monitoring activities.
Why Use a Dedicated User?
SailPoint Entro connects to Jira and Confluence using API calls or an on-prem Worker. A dedicated integration user ensures:
-
Clear audit trails in Atlassian logs
-
Isolation from personal user credentials
-
Easier permission management (read-only access)
-
Safe token rotation without disrupting other services
-
Compliance with SOC 2, ISO 27001, and least-privilege requirements
Choosing the Right Account Type
| Environment | User Type | Where to Create | Notes |
|---|---|---|---|
| Atlassian Cloud | Atlassian Account | admin.atlassian.com | Create a new user and assign product access. |
| Atlassian Server / Data Center | Local Application User | Admin Console → User Management | Create within each self-hosted product. |
Atlassian Cloud
-
Access the Admin Console
-
Go to admin.atlassian.com.
-
Select your organization and choose Directory → Users.
-
Click Invite Users.
-
Create the Integration User
-
Enter the email address for your integration account (e.g.,
entro.integration@yourcompany.com). -
Under Product Access, grant access to:
-
Jira Software
-
Confluence
-
-
Assign the Basic or Viewer role where applicable.
-
Click Invite Users.
-
Configure Permissions
In each Atlassian product (Jira, Confluence, Bitbucket), ensure the integration user has read-only access required for scanning:
Product Permissions Purpose Jira Browse Projects,View Issues,View AttachmentsAllows SailPoint Entro to scan issues and attachments. Confluence View Pages,View Comments,View AttachmentsAllows scanning of page and comment content.
Atlassian Server / Data Center
-
Open the Administration Panel
-
Log in to your Jira or Confluence Server as an administrator.
-
Navigate to User Management → Create User.
-
-
Create the Integration Account
-
Username:
entro.integration -
Full Name:
Entro Security Integration -
Email:
entro.integration@yourcompany.com -
Password: Generate a secure password (or use SSO if supported).
Click Create User.
-
-
Assign Permissions
Grant read-only access to relevant projects, spaces, or repositories. Avoid granting global admin roles.
Product Access Type Permissions Jira Server Project Access Browse Projects,View Issues,View AttachmentsConfluence Server Space Access View,View Attachments,View Comments
Token Association
Once the user is created, generate a corresponding API or Personal Access Token under that account. Follow Atlassian Token Creation for instructions on how to generate and associate tokens with this new integration user.
Note
Security Recommendations
- Rotate the integration user’s token regularly (90 days recommended).
- Disable all write/admin permissions.
- Restrict login access to specific IPs or VPN (if possible).
- Document and audit all access under this account.