Specify IP addresses for app access
Specify IP addresses for app access
Use an IP allowlist to specify which IP addresses or locations users must use to access content in Jira, Jira Service Management, Confluence, and Atlassian Analytics.
If your organization uses restrictive firewall or proxy server settings, you or your network administrator may need to allowlist certain domains and IP address ranges.
Who can do this?
|
IP 許可リストの制御は次に適用されます。
Confluence のスペースとページ (公開リンクを含む)
Confluence 管理
Jira のタスク、課題、プロジェクト
Jira Service Management customer and agent-facing portals within the same site URL
Jira 管理
Atlassian Analytics
Rovo Experiences*
If users attempt to access these pages from an IP address or location that is not in the allowlist, they’ll see a message explaining why they don’t have access. Users also won't be able to access that app programmatically via the APIs.
If users access your apps from a Chrome browser, it's possible that their IP address doesn't update when they connect to a different network. This is an issue if their new address is in an allowlist. If this happens, tell your users to clear their browser's cache by entering these keys: Ctrl/Cmd + Shift + R.
Rovo experiences*
Rovo is designed to serve you information across apps. However, IP allowlist controls for individual apps, such as Jira and Confluence, do not apply to all Rovo experiences.
Admins can apply IP allowlisting controls to Rovo experiences at the organization level:
機能 | Covered |
|---|---|
Rovo Search (not including third party connectors) accessed via Projects, Goals, Teams, Home, Studio, and Search apps | |
ブックマーク | |
Rovo チャット | |
Out-of-the-box and custom Rovo Agents (not including automation) | |
Answers and knowledge cards in Search | |
定義 | |
Rovo ブラウザ拡張機能 | |
Rovo デスクトップ アプリ | |
Rovo モバイル アプリ | |
Rovo Chat in Jira & Confluence Cloud Mobile App | ** |
Assets, Hubs and Automation in Atlassian Studio | |
Atlassian Rovo MCP Server | *** |
**Rovo Chat in Jira & Confluence Cloud Mobile app are only covered by selecting Confluence and Jira IP allowlist controls. Excluding Atlassian Rovo MCP server, experiences in the above table are covered when selecting Rovo as the app when creating or editing an IP allowlist.
The controls are designed so that only users from approved IP addresses can interact with these Rovo experiences.
Once configured, IP allowlisting applies to Rovo experiences across sites in an organization. So the controls should be configured with IP address range(s) of the full organization, to prevent users from getting locked out of Rovo experiences.
***If your organization uses IP allowlisting for Atlassian Cloud apps, requests made through the Atlassian Rovo MCP Server must be included in your organization’s IP allowlist for the relevant Atlassian app. To learn more about IP controls, see Getting started with the Atlassian Rovo MCP Server. See Supported tools for a list of the tools supported by Atlassian Rovo MCP Server.
Important: IP allowlisting and Rovo
If an organization admin does not configure IP allowlisting controls for Rovo, then content titles, previews, and paraphrased content from restricted objects (i.e, Jira issues or Confluence pages that require an IP allowlist) may still be retrieved and surfaced by Rovo.
For example, if a user asks Rovo in Chat on home.atlassian.com to summarize a project plan stored in an IP‑allowlisted Confluence space, Rovo can provide a summary and reference source page titles, even when the user is outside the allowed IP range.
IP 許可リストを表示する
IP 許可リストを表示するには、次の手順に従います。
admin.atlassian.com に移動します。複数の組織がある場合は、対象の組織を選択します。
Select Security > Device Security > IP allowlists.
You will be able to access admin.atlassian.com even if the IP is outside the range of the allowlist.
You can filter and search your IP allowlists to quickly find what you need. The search input supports:
IP address search (including discrete IP matches and subnet matches)
Location search
Policy name search
Search by app (site)
許可リストを追加する
許可リストを追加するには、次の手順に従います。
admin.atlassian.com に移動します。複数の組織がある場合は、対象の組織を選択します。
Select Security > Device Security > IP allowlists.
Select IP allowlist.
許可リストの名前を入力します。
Select the apps you’d like to add to the allowlist.
Select an access origin to include in the allowlist: IP address or Location.
Select a location or enter the IP address to allow. You can enter up to 500 IP addresses, separated by commas.
Select Create allowlist to save the details.
Select Activate IP allowlist.
Note: IP Address and Country Limits
For a given app, you can enter up to 500 IP addresses or countries across all active policies.
どのような値を追加できますか?
You can set up 500 IP addresses, network blocks, or locations per app. We support IPv4 and IPv6 for individual IP address. If you're entering a network block, we support the CIDR notation standard for specifying a block of IP addresses. Refer to CIDR notation more details about how to use CIDR notation.
追加できる値の例をいくつか挙げます。
タイプ | 例 |
|---|---|
IPv4 | 104.192.143.1 |
CIDR ブロック | 104.192.143.0/28 |
場所 | Australia (AU) |
IP 許可リストの例外
In some cases, we cannot restrict access for users in your IP allowlist to specific information in Jira, Jira Service Management, and Confluence.
IP 許可リストに関係なく、ユーザーは次の情報タイプを常に閲覧できます。
情報タイプ | 情報の検索方法 | 例 |
|---|---|---|
Recent history in home.atlassian.com | To find Recent history, you go to home.atlassian.com |
When a user goes to home.atlassian.com they can see recent history for both sites whether or not they are part of the IP allowlist |
通知の詳細 | 通知を検索するには、{icon} を選択して通知の詳細を表示します。 | |
Confluence または Jira で誰でも共有できる スマート リンク | スマート リンク を作成するには、URL を任意のページにコピーして貼り付けます。 | |
また、次のものには IP 許可リストの制限が適用されません。
TwoLeggedOAuth を使用するアプリのリンク
アプリの接続
Forge apps with 2LO and 3LO
OAuth 2.0 (3LO) apps
Third-party security tools
If your organization uses security platforms like Zscaler [Source IP Anchoring] that proxy internet traffic, you may need to exclude Atlassian domains (*.atlassian.com, *.atlassian.net, *.atl-paas.net) from proxying in your platform's configuration or add your security platform's IP ranges to your allowlists. These platforms may use different IP addresses for application access and other content, such as media, which can block some content even if users can access the main application. Contact your security platform provider for specific IP ranges and configuration guidance.
Performance tip: For optimal performance, configure your security platform to skip TLS/HTTPS inspection on *.atl-paas.net domains.
この内容はお役に立ちましたか?