Specify IP addresses for app access
Specify IP addresses for app access
Use an IP allowlist to specify which IP addresses users must use to access content in Jira, Jira Service Management, Confluence, and Atlassian Analytics.
If your organization uses restrictive firewall or proxy server settings, you or your network administrator may need to allowlist certain domains and IP address ranges.
Who can do this?
|
IP 許可リストの制御は次に適用されます。
Confluence のスペースとページ (公開リンクを含む)
Confluence 管理
Jira のタスク、課題、プロジェクト
Jira Service Management customer and agent-facing portals within the same site URL
Jira 管理
Atlassian Analytics
Rovo Experiences*
If users attempt to access these pages from an IP address that is not in the allowlist, they’ll see a message explaining why they don’t have access. Users also won't be able to access that app programmatically via the APIs.
If users access your apps from a Chrome browser, it's possible that their IP address doesn't update when they connect to a different network. This is an issue if their new address is in an allowlist. If this happens, tell your users to clear their browser's cache by entering these keys: Ctrl/Cmd + Shift + R.
Rovo experiences*
Rovo is designed to serve you information across apps. However, IP allowlist controls for individual apps, such as Jira and Confluence, do not apply to all Rovo experiences.
Admins can apply IP allowlisting controls to Rovo experiences at the organization level:
機能 | Covered |
|---|---|
Rovo Search (not including third party connectors) accessed via Projects, Goals, Teams, Home, Studio, and Search apps | |
ブックマーク | |
Rovo チャット | |
Out-of-the-box and custom Rovo Agents (not including automation) | |
Answers and knowledge cards in Search | |
定義 | |
Rovo Browser Extension | |
Rovo Desktop App | |
Rovo Mobile App | |
Rovo Chat in Jira & Confluence Cloud Mobile App | ** |
Assets, Hubs and Automation in Atlassian Studio | |
Rovo MCP |
**Rovo Chat in Jira & Confluence Cloud Mobile app are only covered by selecting Confluence and Jira IP allowlist controls. All other experiences in the above table are covered when selecting Rovo as the app when creating or editing an IP allowlist.
The controls are designed so that only users from approved IP addresses can interact with these Rovo experiences.
Once configured, IP allowlisting applies to Rovo experiences across sites in an organization. So the controls should be configured with IP address range(s) of the full organization, to prevent users from getting locked out of Rovo experiences.
Important: IP allowlisting and Rovo
If an organization admin does not configure IP allowlisting controls for Rovo, then content titles, previews, and paraphrased content from restricted objects (i.e, Jira issues or Confluence pages that require an IP allowlist) may still be retrieved and surfaced by Rovo.
For example, if a user asks Rovo in Chat on home.atlassian.com to summarize a project plan stored in an IP‑allowlisted Confluence space, Rovo can provide a summary and reference source page titles, even when the user is outside the allowed IP range.
IP 許可リストを表示する
IP 許可リストを表示するには、次の手順に従います。
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Device Security > IP allowlists.
You will be able to access admin.atlassian.com even if the IP is outside the range of the allowlist.
許可リストを追加する
許可リストを追加するには、次の手順に従います。
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Device Security > IP allowlists.
[許可リストを作成] を選択します。
許可リストの名前を入力します。
Select the apps you’d like to add to the allowlist.
許可する IP アドレスを入力します。最大 500 個の IP アドレスをコンマ区切りで入力できます。
許可リストをすぐに有効にするか、後で有効にするかを選択します。
Select Create to save the details.
どのような値を追加できますか?
You can set up 500 IP addresses or network blocks per app. We support IPv4 for individual IP address. If you're entering a network block, we support the CIDR notation standard for specifying a block of IP addresses. Refer to CIDR notation more details about how to use CIDR notation.
追加できる値の例をいくつか挙げます。
タイプ | 例 |
|---|---|
IPv4 | 104.192.143.1 |
CIDR ブロック | 104.192.143.0/28 |
IP 許可リストの例外
In some cases, we cannot restrict access for users in your IP allowlist to specific information in Jira, Jira Service Management, and Confluence.
IP 許可リストに関係なく、ユーザーは次の情報タイプを常に閲覧できます。
情報タイプ | 情報の検索方法 | 例 |
|---|---|---|
Recent history in home.atlassian.com | To find Recent history, you go to home.atlassian.com |
When a user goes to home.atlassian.com they can see recent history for both sites whether or not they are part of the IP allowlist |
通知の詳細 | 通知を検索するには、{icon} を選択して通知の詳細を表示します。 | |
Confluence または Jira で誰でも共有できる スマート リンク | スマート リンク を作成するには、URL を任意のページにコピーして貼り付けます。 | |
また、次のものには IP 許可リストの制限が適用されません。
TwoLeggedOAuth を使用するアプリのリンク
アプリの接続
Forge apps with 2LO and 3LO
OAuth 2.0 (3LO) apps
Third-party security tools
If your organization uses security platforms like Zscaler [Source IP Anchoring] that proxy internet traffic, you may need to exclude Atlassian domains (*.atlassian.com, *.atlassian.net, *.atl-paas.net) from proxying in your platform's configuration or add your security platform's IP ranges to your allowlists. These platforms may use different IP addresses for application access and other content, such as media, which can block some content even if users can access the main application. Contact your security platform provider for specific IP ranges and configuration guidance.
Performance tip: For optimal performance, configure your security platform to skip TLS/HTTPS inspection on *.atl-paas.net domains.
この内容はお役に立ちましたか?