Add restrictions to automation steps
Configure site-level controls on your automation steps, to restrict how they can be used. For example, you could restrict the Send email action so that automation flows can only send emails to specific domains. This helps you ensure that your teams' automation flows aren’t sending data to unauthorized external parties.
Before you begin
This feature is only available on the Enterprise plan.
You must be a global admin in either Jira or Confluence to add restrictions to automation steps. To learn more:
Add restrictions to a step
Navigate to Global automation
For Confluence automation, go to Confluence settings, then Automation
For Jira automation, go to Jira settings, then System. Choose Global automation
Select More actions (…), then Configure steps
Select Configure for the action you want to add restrictions to.
Steps that can be restricted
Automation Step | How the allowlist works |
|---|---|
Send Email | Restrict to specific email domains (e.g. @example.com, @example.com.au). You can also add specific email addresses (e.g. design@example.com). |
Send Web request | Restrict to specific URLs (e.g exampleservice.com) |
Send Slack message | Restrict to Slack instances (e.g. example.slack.com/archive…) |
Send Teams message | Restrict to Teams instances (e.g. teams.microsoft.com….) |
Send Twilio notification | Restrict to specific phone numbers (e.g. 415-2739164) |
Things to remember
Allowlists can’t be empty: This means that if you enable an allowlist for an action, it must contain at least one entry.
Configurations aren’t shared across apps: For example, if you have an allowlist for the Send email action in Jira automation, it won’t apply to the Send email action in Confluence automation flows.
Was this helpful?