Skip to content

Dedicated Atlassian User Creation

This guide explains how to create a dedicated service user in your Atlassian environment for use with SailPoint Entro. Using a separate integration account helps enforce the principle of least privilege, improves auditability, and prevents cross-contamination between production and monitoring activities.

Why Use a Dedicated User?

SailPoint Entro connects to Jira and Confluence using API calls or an on-prem Worker. A dedicated integration user ensures:

  • Clear audit trails in Atlassian logs

  • Isolation from personal user credentials

  • Easier permission management (read-only access)

  • Safe token rotation without disrupting other services

  • Compliance with SOC 2, ISO 27001, and least-privilege requirements

Choosing the Right Account Type

Environment User Type Where to Create Notes
Atlassian Cloud Atlassian Account admin.atlassian.com Create a new user and assign product access.
Atlassian Server / Data Center Local Application User Admin Console → User Management Create within each self-hosted product.

Atlassian Cloud

  1. Access the Admin Console

    • Go to admin.atlassian.com.

    • Select your organization and choose Directory → Users.

    • Click Invite Users.

Create the Integration User

  1. Enter the email address for your integration account (e.g., entro.integration@yourcompany.com).

  2. Under Product Access, grant access to:

    • Jira Software

    • Confluence

  3. Assign the Basic or Viewer role where applicable.

  4. Click Invite Users.

  5. Configure Permissions

    In each Atlassian product (Jira, Confluence, Bitbucket), ensure the integration user has read-only access required for scanning:

    Product Permissions Purpose
    Jira Browse Projects, View Issues, View Attachments Allows SailPoint Entro to scan issues and attachments.
    Confluence View Pages, View Comments, View Attachments Allows scanning of page and comment content.

Atlassian Server / Data Center

  1. Open the Administration Panel

    • Log in to your Jira or Confluence Server as an administrator.

    • Navigate to User Management → Create User.

  2. Create the Integration Account

    • Username: entro.integration

    • Full Name: Entro Security Integration

    • Email: entro.integration@yourcompany.com

    • Password: Generate a secure password (or use SSO if supported).

    Click Create User.

  3. Assign Permissions

    Grant read-only access to relevant projects, spaces, or repositories. Avoid granting global admin roles.

    Product Access Type Permissions
    Jira Server Project Access Browse Projects, View Issues, View Attachments
    Confluence Server Space Access View, View Attachments, View Comments

Token Association

Once the user is created, generate a corresponding API or Personal Access Token under that account. Follow Atlassian Token Creation for instructions on how to generate and associate tokens with this new integration user.

Note

Security Recommendations

  • Rotate the integration user’s token regularly (90 days recommended).
  • Disable all write/admin permissions.
  • Restrict login access to specific IPs or VPN (if possible).
  • Document and audit all access under this account.