Set Up Instructions

Atlassian

Connect Atlassian to Ploy to scan identities and access data from your Atlassian organization. This setup requires your Atlassian Organization ID and an API token generated from Atlassian Admin.

Before you begin: make sure you can sign in to admin.atlassian.com and that you know which Atlassian organization you want to connect.

Set up the integration

  1. Open the Atlassian integration in Ploy. The setup form asks for your Atlassian Organization ID, an API token, the Scan unmanaged users setting, a connection name, and the optional Member source of truth? setting.

  2. Find your Atlassian Organization ID. In Atlassian Admin, open the organization you want to connect. Copy the organization ID shown in Atlassian, then paste it into Atlassian Organization ID in Ploy.

  3. Generate an API token. In Ploy, use Generate API Token to open Atlassian's token flow, then create a token for this integration. Paste the value into Enter your API token.

  4. Choose whether to scan unmanaged users. This setting changes which Atlassian accounts Ploy will scan. For most customers, Ploy's preferred and supported setup is to leave Scan unmanaged users unchecked. See Scan unmanaged users below for the full guidance and caveats.

  5. Enter a connection name. Use a name that helps your team identify the connection later, such as Production or EMEA Atlassian.

  6. Decide whether Atlassian is your member source of truth. Enable Member source of truth? only if you want Ploy to treat Atlassian as an authoritative source for membership data for this connection.

  7. Test and save. Click Test to validate the connection. If the test succeeds, click Save.

What each field is for

  • Atlassian Organization ID: identifies which Atlassian organization Ploy should connect to.

  • Enter your API token: lets Ploy authenticate to Atlassian for this connection.

  • Scan unmanaged users: controls whether Ploy scans only managed accounts or both managed and unmanaged accounts.

  • Connection name: the label your team sees in Ploy.

  • Member source of truth? marks this integration as an authoritative membership source for Ploy.

Scan unmanaged users

This setting controls which Atlassian users Ploy scans from your connected organization.

  • If unchecked: Ploy scans only managed Atlassian users.

  • If checked: Ploy scans both managed and unmanaged Atlassian users, with important caveats.

Ploy's preferred supported setup is to leave Scan unmanaged users unchecked and use Atlassian managed accounts. Managed accounts are the accounts your organization has claimed and administers in Atlassian, which gives Ploy a more predictable source of identities.

Atlassian distinguishes between users who have site access and accounts that are managed by your organization. According to Atlassian, the Users page can include managed or unmanaged accounts with site access, while Directory > Managed accounts shows the accounts your organization has claimed and manages. For Atlassian's explanation, see What is the difference between Users page and Managed accounts page?.

Recommended setup: use Atlassian managed accounts and leave Scan unmanaged users unchecked unless you have a specific reason to include unmanaged accounts.

Why this setup is preferred

The integration can still work if you do not use Atlassian's managed user feature, but Ploy cannot guarantee that it will scan every Atlassian user in that setup.

Ploy fetches Atlassian users through the organization directories user endpoint. That endpoint only returns users who are present in a directory associated with your Atlassian organization. If a user is not in one of those directories, Ploy cannot scan that user through this integration.

That is why Atlassian managed accounts are still the preferred setup. They give you a clearer, more complete population to scan and reduce the risk that some Atlassian users will be missing from Ploy.

When to enable it

Enable Scan unmanaged users only if you intentionally want Ploy to include users outside your managed-account population.

When this setting is enabled, the integration can still work well for customers who do not use managed users, but only for accounts that Atlassian has placed in at least one directory associated with the organization. In practice, this means some unmanaged Atlassian users may still be omitted if Atlassian does not return them through the directory-based user API.

If you enable Scan unmanaged users without using Atlassian managed accounts, Ploy may not scan all Atlassian users. Review the synced identities carefully and expect gaps for accounts that are not present in an organization directory.

Why identities may be missing

If the connection succeeds but expected Atlassian identities do not appear in Ploy, first check whether those users are managed accounts in Atlassian or only site users. A user can have access to an Atlassian site without appearing under Managed accounts.

If Scan unmanaged users is turned off, Ploy will not scan those unmanaged site users. If you need them included, either manage those accounts in Atlassian or enable the setting with the caveats above.

What to expect after setup

After you save the integration, Ploy will test the credentials and begin scanning the Atlassian organization based on the settings you selected. The identities Ploy finds depend in part on whether you limit the scan to managed users or include unmanaged users as well.

Was this helpful?