Monitor Atlassian Rovo MCP server activity

As an administrator of Atlassian apps, you may be concerned about MCP (Model Context Protocol) servers gaining access to your data. Atlassian provides some tools that can help you control which AI tools can access your site’s data.

Who can do this?
Role: Organization admin, Guard Detect admin
Atlassian Cloud: Atlassian Guard Premium
Atlassian Government Cloud: Not available

Options to monitor MCP activity in Guard Detect

The following table contains details of what’s currently covered.

Function	Location	Description	More info
For visibility An OAuth app is installed for the first time (Requires Guard Standard)	Atlassian Administration > Insights > Audit log Type MCP in the search field.	Audit logs show when and which user used OAuth to authorize using the Atlassian Remote MCP server (which will automatically install the Atlassian MCP app). Note: If additional users authorize the app, they do not appear in the audit log.	Manage your organization's Marketplace and third-party apps View audit log activities
For visibility API usage logging (including access from AI agents and MCP apps) (Requires Guard Premium or being an Enterprise customer)	Atlassian Administration > Insights > Audit log Type MCP in the search field.	You can see every API endpoint that the Atlassian MCP app hits. Make sure you have user-created activity enabled for in your audit log settings. In the UI, hover over the AS USER lozenge to identify the user who invoked this log entry. In an activity log export, look for on-behalf-of to identify the user who invoked this log entry.	User-created activity settings
For control Block/allow user-based OAuth connections	Atlassian Administration > Apps > Sites (select a site) > Site settings > Connected apps > Settings tab	Prevent users from installing any OAuth apps completely. This is a blanket setting.	Manage your organization's Marketplace and third-party apps

Function

Location

Description

More info

For visibility

An OAuth app is installed for the first time

(Requires Guard Standard)

Atlassian Administration > Insights > Audit log

Type MCP in the search field.

Audit logs show when and which user used OAuth to authorize using the Atlassian Remote MCP server (which will automatically install the Atlassian MCP app).

Note: If additional users authorize the app, they do not appear in the audit log.

For visibility

API usage logging (including access from AI agents and MCP apps)

(Requires Guard Premium or being an Enterprise customer)

Atlassian Administration > Insights > Audit log

Type MCP in the search field.

You can see every API endpoint that the Atlassian MCP app hits.

Make sure you have user-created activity enabled for in your audit log settings.

In the UI, hover over the AS USER lozenge to identify the user who invoked this log entry. In an activity log export, look for on-behalf-of to identify the user who invoked this log entry.

User-created activity settings

For control

Block/allow user-based OAuth connections

Atlassian Administration > Apps > Sites (select a site) > Site settings > Connected apps > Settings tab

Prevent users from installing any OAuth apps completely. This is a blanket setting.

Manage your organization's Marketplace and third-party apps

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community