Control Atlassian Rovo MCP server settings

You can control the AI tools that connect to your Atlassian organization. This prevents unauthorized access to apps in your organization. Either allow or block AI tools from connecting to the Atlassian Rovo MCP server. These settings work together with your existing Atlassian security controls, such as IP allowlisting and app management policies.

Who can do this?
Role: Organization admin
Atlassian Cloud: Free, Atlassian Guard Standard, Atlassian Guard Premium, Enterprise
Atlassian Government Cloud: Not available

You can only block domains for AI tools that use OAuth 2.1, but not when they use API tokens to access your organization.

Block Atlassian-supported domains

To block Atlassian-supported domains:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps > AI settings > Rovo MCP server.
Deselect Allow Atlassian supported domains.

What are Atlassian-supported domains?

Add domains

You can add domains you trust to enable integrations with specific AI tools.

To add a domain:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps > AI settings > Rovo MCP server.
Select Add domain.

How to format domain URLs

Delete domains

You can remove domains from your organization to prevent AI tools from accessing your apps.

To delete a domain:

Go to Atlassian Administration. Select your organization if you have more than one.
Select Apps > AI settings > Rovo MCP server.
From the domain, select Delete.

How these settings interact with IP allowlisting

The Atlassian Rovo MCP server settings on this page only control which AI tools and domains are allowed to connect to your organization. They do not change your organization’s IP allowlists.

If your organization uses IP allowlisting for Atlassian Cloud apps:

IP allowlists are configured in Atlassian Administration, not in the Atlassian Rovo MCP server settings page in Atlassian Administration.
Requests made through the Atlassian Rovo MCP server must originate from an IP address that is allowed by your organization’s IP allowlist for the relevant Atlassian app.
Even if a domain is allowed here, users connecting from a blocked IP address will not be able to run tools through the Atlassian Rovo MCP server and will see an error such as:
You don't have permission to connect from this IP address. Please ask your admin for access.

Specify IP addresses for app access

Disclaimer

MCP clients can perform actions in Jira, Confluence, and Compass with your existing permissions. Use least privilege, review high‑impact changes before confirming, and monitor audit logs for unusual activity.

Learn more: MCP Clients - Understanding the potential security risks

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community