Skip to main content
Connect your Atlassian Cloud organization to Oleria to gain continuous visibility into who has access across your organization, and to remediate risky access directly from Oleria. Oleria reads identity, access, and audit data from the Atlassian Organization Admin API, so you can see every account, group, role, and access change in one place. This page provides step-by-step guidance for connecting Atlassian Cloud to Oleria.

What Oleria discovers

Once connected, Oleria continuously discovers and maps the following from your Atlassian organization:
  • Accounts - managed users across every directory in the organization, including account status and job details.
  • Groups and roles - native groups, role assignments, and the membership relationships between users, groups, and roles.
  • Identity directories - each directory in the organization, including identity provider (IdP) synced directories.
  • Audit activity - organization-wide audit events such as group and membership changes, access configuration changes, user lifecycle events, and policy changes.
  • Security posture - account status on any plan, plus multi-factor authentication (MFA) enrollment when you have Atlassian Guard Standard.

Prerequisites

  • Organization admin role on the Atlassian organization (site, workspace, or product admin alone is not sufficient)
  • At least one verified domain in the Atlassian organization, so that accounts are returned as managed users
  • Atlassian Guard Standard subscription, required for full audit event coverage and MFA status (basic account, group, and directory discovery works on any plan)

Create an API key in Atlassian

Oleria connects using an organization API key issued from the Atlassian admin console.
1

Sign in to Atlassian Admin

Sign in to Atlassian Admin as an organization admin and select your organization from the org switcher.
2

Create the API key

Navigate to SettingsAPI keys and select Create API key. Give it a recognizable name such as Oleria connector.You can create an unscoped key for the simplest setup, or create an API key with scopes for least privilege access. An unscoped key covers both discovery and remediation. If you scope the key, grant the following:Multi-factor authentication (MFA) status, account status, and role assignments do not need their own scopes. MFA and account status come back with each account, so they are covered by read:accounts:admin and read:directories:admin, and role assignments are read from the directory, so they are covered by read:directories:admin (together with read:groups:admin for group roles).
The two manage: scopes are only required if you want Oleria to take remediation actions. Omit them for read-only discovery.Atlassian does not publish a scope for every endpoint Oleria reads. With a scoped key, any endpoint that has no matching scope is simply skipped, so you may see partial discovery (an object type quietly never appears) with no error to point at. Use an unscoped key for full, guaranteed coverage. Scopes also cannot be changed after a key is created, so to adjust them you must rotate to a new key.
3

Copy your organization ID and API key

Copy and save the following values - you will need them when connecting in Oleria:
  • Organization ID - the UUID found in the admin console URL, in the form admin.atlassian.com/o/{orgId}/...
  • API key - the key value shown when you create the key
The API key is shown only once and cannot exceed a 1-year lifetime. Store it securely, note the expiry date, and rotate it before it expires to avoid an interruption in discovery.

Connect Atlassian Cloud to Oleria

1

Open the integration

Go to your Oleria workspace, select Integrations → select Atlassian Cloud.
2

Complete the connection form

Select Continue and fill in the connection form:
3

Save the integration

Select Connect to validate and save the integration.

Verify the integration

Confirm the Atlassian Cloud instance appears in your Oleria workspace connected integrations. After the first sync completes, you can review the discovered accounts, groups, and access in your Oleria workspace.
When you rotate the Atlassian API key, update the API key (and expiry date) in Oleria by editing the integration. An expired key will cause discovery to stop.

Remediation actions

Beyond discovery, Oleria can act on Atlassian access to remediate risk. The following actions are supported, and each can be reverted:
Remediation requires an API key with the manage:user:lifecycle and manage:org-user:group-member scopes, or an unscoped key. A read-only key can still perform discovery but will return a permission error when an action runs.

Contact us

For questions about this integration, contact us at support@oleria.com.