Skip to main content
Atlassian’s Rovo MCP server connects with a single OAuth approval. It authenticates with standard OAuth 2.1 and dynamic client registration, so you paste the remote URL, click Continue, and approve a consent screen — you bring no client ID, secret, or token. The server exposes Jira, Confluence, and Compass, scoped to your own Atlassian permissions.
When you connect the Atlassian Rovo MCP URL, MCP Manager’s authentication detection lands on Standard OAuth (dynamic client registration). You don’t supply any keys — you just approve the Atlassian consent screen and pick the site(s) to authorize.
This guide is a convenience based on Atlassian’s setup at the time of writing. Atlassian’s own Rovo MCP Server documentation is authoritative and may be more current. The requirements below — the remote URL, admin enablement, and which products are exposed — come from Atlassian, not from MCP Manager. If a step here has drifted or a connection problem is specific to how Atlassian works, Atlassian support is the fastest path to an answer.
This guide covers Jira, Confluence, and Compass over OAuth. Bitbucket Cloud is not included — its tools authenticate only with a scoped API token, not OAuth, and require extra admin setup (an org-linked workspace and API-token authentication enabled for the Rovo MCP server). If you’ve connected here and don’t see any Bitbucket tools, that’s expected. See Connect Bitbucket.

What each authentication method unlocks

The Rovo MCP server accepts two authentication methods, and they reach different parts of the Atlassian ecosystem. This guide uses OAuth 2.1; the Bitbucket guide uses a scoped API token. Here’s what each unlocks today: How to read it: grey = reachable with either method; purple = OAuth only (Compass); green = API token only (Bitbucket Cloud and Jira Service Management). The OAuth path below covers Jira, Confluence, Compass, and the shared platform tools — for Bitbucket or Jira Service Management, use the API-token path in the Bitbucket guide.

Before you start

Most of what you need is on the Atlassian side, and it’s about access rather than credentials. One part requires an organization adminallowlisting MCP Manager’s callback domain — so line that up first.

What you’ll need

  • An Atlassian Cloud account with access to the Jira, Confluence, or Compass sites you want to reach. The Rovo MCP server respects your existing Atlassian permissions — it can only see what your account can already see.
  • The site(s) you intend to authorize. A single Atlassian account can belong to several Cloud sites; you choose which ones to grant during the consent flow.
  • An Atlassian login you can complete in a browser — the approval is an interactive, browser-based OAuth 2.1 flow.
You bring nothing to paste beyond the URL. There’s no OAuth app to register and no client ID or secret to create — Atlassian’s server handles client registration automatically for allowlisted domains, so the only manual step is approving the consent screen.

Allowlist MCP Manager’s callback domain

For the OAuth approval to succeed, an organization admin must allowlist the domain MCP Manager’s callback comes from. Atlassian’s Rovo MCP server uses a domain allowlist to decide which AI tools may connect over OAuth 2.1 — if MCP Manager isn’t on it, the consent screen can still appear, but the connection fails. This is a one-time setup for the whole organization:
1

Open the Rovo MCP server settings

Go to admin.atlassian.com and select your organization. In the left sidebar, open Apps → AI settings → Rovo MCP server (in some organizations this lives under Rovo → Rovo MCP server).
2

Add MCP Manager's callback domain

Under Allowed domains, click Add domain, paste MCP Manager’s OAuth callback URL, and save:
MCP Manager OAuth callback
3

Confirm the exact value in MCP Manager

The callback URL for your instance is shown in MCP Manager under Settings → Security → OAuth Callback. Copy it from there to be certain it matches before saving it in Atlassian.
Removing this domain from the allowlist immediately revokes access for all users connecting through MCP Manager. If your organization also enforces an IP allowlist, the admin must also allow MCP Manager’s egress IPs — find the current list at MCP Manager’s IP ranges (machine-readable JSON) — or the OAuth flow and later tool calls will be blocked. Both are Atlassian-side controls — see Control Atlassian Rovo MCP server settings.

Connect the server

1

Confirm the callback domain is allowlisted

Before connecting, make sure an admin has allowlisted MCP Manager’s callback domain in the Rovo MCP server settings — and, if your organization enforces an IP allowlist, permitted MCP Manager’s egress traffic. Without it, the OAuth approval will fail. This is an Atlassian-side requirement, not an MCP Manager one.
2

Open the Servers page and add a server

On the Servers page, add a server to begin a new connection.
3

Paste the remote MCP URL and click Continue

Paste Atlassian’s remote MCP server URL, then click Continue to trigger discovery:
Atlassian Rovo MCP URL
Newer OAuth 2.1 clients may use the equivalent https://mcp.atlassian.com/v1/mcp/authv2 endpoint. Both reach the same Rovo MCP server; use the URL Atlassian’s current docs list for OAuth clients.
4

Approve the Atlassian consent screen

Detection resolves to Standard OAuth (dynamic client registration), so MCP Manager redirects you to Atlassian’s browser-based OAuth 2.1 flow. Sign in if prompted, then approve the consent screen. You provide no keys at this step.
5

Choose the site(s) to authorize

During the flow, pick which Atlassian Cloud site(s) and resources to grant. Authorization is per user and bounded by your existing permissions — the server only exposes the Jira projects, Confluence spaces, and Compass components your account can already access.
6

Finish in MCP Manager

After you approve, MCP Manager stores the resulting OAuth token encrypted and attaches it to every request it makes to Atlassian. The server’s tools are now available to add to a gateway.

Gotchas & things to keep in mind

  • Admin enablement is the most common blocker. OAuth approval fails if your Atlassian organization hasn’t enabled the Rovo MCP server or hasn’t allowlisted the connecting domain. Removing a domain from the allowlist immediately revokes access for all users — confirm enablement before you connect.
  • Access is per user and permission-bound. Each person authenticates with their own Atlassian account, and the server can only reach what that account already can. Granting the connection never widens anyone’s Jira, Confluence, or Compass permissions.
  • Pick the right site(s) during consent. One Atlassian account can span multiple Cloud sites. If a project or space is missing after connecting, the most likely cause is that its site wasn’t selected during the OAuth flow — reconnect and authorize it.
  • IP allowlists apply to MCP Manager’s egress. If your organization restricts inbound connections by IP, Atlassian needs MCP Manager’s egress traffic permitted, or the OAuth flow and subsequent calls will be blocked. This is an Atlassian-side network control.
  • Per-user OAuth means per-user identity. Because each user approves their own consent, every action is attributable to that individual rather than a shared service account. See per-user versus shared identity for how this maps to gateway identities.
  • Bitbucket Cloud isn’t part of this connection. OAuth exposes Jira, Confluence, and Compass only. Bitbucket tools require a separate API-token connection and extra admin setup — see Connect Bitbucket.

Further reading

Connect Bitbucket

Bitbucket Cloud rides on the same Rovo MCP server but needs a scoped API token and extra admin setup — covered separately.

Find & Connect MCP Servers

How MCP Manager detects authentication type, and how to find other servers’ URLs.

How MCP Manager authenticates

The OAuth flow Atlassian Rovo uses, in depth, plus per-user versus shared identity.

Identities for remote servers

How the OAuth credential you just approved is secured and made available.

Connect your AI client

Point Claude, Cursor, or another client at the gateway once the server is connected.

External sources

Getting started with the Atlassian Rovo MCP Server

Atlassian’s authoritative reference for the remote MCP server — the URL, supported products, and admin enablement.

Authentication and authorization

Atlassian’s detail on the OAuth 2.1 flow, dynamic client registration, and per-user consent.