Configuring Enterprise managed authentication

What is Enterprise managed authentication?

Enterprise managed authentication, also known as Cross App Access (XAA), lets organization admins control how users authorize Claude to access Atlassian tools through the Atlassian MCP server. Instead of requiring each user to sign in and authorize access individually, MCP authorizations are handled through your identity provider (IdP), such as Okta.

With enterprise managed authentication, access is controlled by your IdP policies, not by the MCP domains list. This means your organization can use existing identity controls, such as app assignments, groups, and conditional access policies, to decide who can connect to Atlassian through Claude.

Use enterprise managed authentication when you want centralized control over MCP access for your organization, especially in environments where access must be managed through an enterprise IdP

How to setup enterprise managed authentication

This guide walks you through connecting your Okta identity provider to Atlassian so your users can securely access Atlassian tools (such as Jira and Confluence) through Claude via the Atlassian MCP server.

You will need:

  • Access to your Atlassian Administration (Organization Admin role)

  • Access to your Okta settings

  • Access to your Claude configuration

  • A terminal to run one curl command

Before you begin: Complete the Okta configuration steps first, then return here to configure the Atlassian side.

Step 1: Find your Atlassian Cloud ID and build your URLs

Several URLs are needed throughout this setup. You'll build them all from your Atlassian Cloud ID, which you can retrieve in one step.

1a. Get your Cloud ID

In your browser, navigate to:

https://<your-site.atlassian.net>/_edge/tenant_info

Replace <your-site.atlassian.net> with your Atlassian site name. The page returns a JSON response — copy the value of the cloudId field.

Example:

https://atlassian-mcp.atlassian.net/_edge/tenant_info

1b. Build your two key URLs

Using your cloudId, construct the following two URLs and save them — you'll use them in later steps.

URL

Pattern

Example

MCP URL (used in Claude)

https://mcp.atlassian.com/v1/mcp/authv2/{cloud_id}

https://mcp.atlassian.com/v1/mcp/authv2/694a8763-9924-4bd8-b8af-abca213bf72f

Auth Server URL (used in Okta)

https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/{cloud_id}

https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/694a8763-9924-4bd8-b8af-abca213bf72f


Step 2: Enable enterprise managed authentication in Atlassian Administration

  1. Go to your Atlassian Admin console and navigate to the Rovo < Rovo MCP server < Authentication tab.

  2. Enable enterprise managed authentication.

     

  3. Select Edit URL and add your trusted identity provider URL — this is your Okta tenant URL.

    Example: https://your-org.okta.com/

Atlassian Rovo MCP server
Edit identity provider url

Your Okta tenant URL can be found in your Okta Admin console. It typically follows the format https://<your-org>.okta.com.

Step 3: Add Atlassian details to Okta

Now add the Atlassian details into your Okta XAA Resource application.

 

XAA configuration
  1. In your Okta Admin console, open the XAA Resource application you created during the Okta setup steps.

  2. Add the Auth Server URL you built in Step 1b.

  3. Add the Client ID you generated in Step 3.

  4. Save your changes.


Step 4: Connect Claude to Atlassian via MCP

The final step is to configure Claude with your Atlassian MCP connection.

Custom connector
  1. In Claude, open your MCP server settings and add a new server.

  2. Enter the MCP URL you built in Step 1b.

  3. Under Advanced settings, enter your Client ID and Client Secret from Step 3.

  4. Set the authentication type to Managed authentication.

  5. Save and connect.

You're all set! Once connected, your users will be able to authenticate with their Okta credentials to access Atlassian tools through Claude.

Still need help?

The Atlassian Community is here for you.