Configuring Enterprise managed authentication
What is Enterprise managed authentication?
Enterprise managed authentication, also known as Cross App Access (XAA), lets organization admins control how users authorize Claude to access Atlassian tools through the Atlassian MCP server. Instead of requiring each user to sign in and authorize access individually, MCP authorizations are handled through your identity provider (IdP), such as Okta.
With enterprise managed authentication, access is controlled by your IdP policies, not by the MCP domains list. This means your organization can use existing identity controls, such as app assignments, groups, and conditional access policies, to decide who can connect to Atlassian through Claude.
Use enterprise managed authentication when you want centralized control over MCP access for your organization, especially in environments where access must be managed through an enterprise IdP
How to setup enterprise managed authentication
This guide walks you through connecting your Okta identity provider to Atlassian so your users can securely access Atlassian tools (such as Jira and Confluence) through Claude via the Atlassian MCP server.
You will need:
Access to your Atlassian Administration (Organization Admin role)
Access to your Okta settings
Access to your Claude configuration
A terminal to run one
curlcommand
Before you begin: Complete the Okta configuration steps first, then return here to configure the Atlassian side.
Step 1: Find your Atlassian Cloud ID and build your URLs
Several URLs are needed throughout this setup. You'll build them all from your Atlassian Cloud ID, which you can retrieve in one step.
1a. Get your Cloud ID
In your browser, navigate to:
https://<your-site.atlassian.net>/_edge/tenant_infoReplace <your-site.atlassian.net> with your Atlassian site name. The page returns a JSON response — copy the value of the cloudId field.
Example:
https://atlassian-mcp.atlassian.net/_edge/tenant_info1b. Build your two key URLs
Using your cloudId, construct the following two URLs and save them — you'll use them in later steps.
URL | Pattern | Example |
|---|---|---|
MCP URL (used in Claude) |
|
|
Auth Server URL (used in Okta) |
|
|
Step 2: Enable enterprise managed authentication in Atlassian Administration
Go to your Atlassian Admin console and navigate to the Rovo < Rovo MCP server < Authentication tab.
Enable enterprise managed authentication.
Select Edit URL and add your trusted identity provider URL — this is your Okta tenant URL.
Example:
https://your-org.okta.com/
Your Okta tenant URL can be found in your Okta Admin console. It typically follows the format https://<your-org>.okta.com.
Step 3: Add Atlassian details to Okta
Now add the Atlassian details into your Okta XAA Resource application.
In your Okta Admin console, open the XAA Resource application you created during the Okta setup steps.
Add the Auth Server URL you built in Step 1b.
Add the Client ID you generated in Step 3.
Save your changes.
Step 4: Connect Claude to Atlassian via MCP
The final step is to configure Claude with your Atlassian MCP connection.
In Claude, open your MCP server settings and add a new server.
Enter the MCP URL you built in Step 1b.
Under Advanced settings, enter your Client ID and Client Secret from Step 3.
Set the authentication type to Managed authentication.
Save and connect.
You're all set! Once connected, your users will be able to authenticate with their Okta credentials to access Atlassian tools through Claude.
Was this helpful?