I’m looking into how to integrate SailPoint with Confluence. After checking the official documentation, I have found the “Atlassian Suite” connector but it does not mention all the supported capabilities specifically for Confluence.
I have a few specific questions regarding this integration:
Integration Method: Since there isn’t a dedicated connector, what’s the best way to approach this? Can the “Atlassian Suite” connector be used or should I consider a different approach?
Data Aggregation: I noticed that the “Entitlement aggregation” reads the ProjectRoles (which should be a pair of a Project ID and a particular Role on that project).
Can Confluence Spaces be aggregated? And Confluence Groups?
What other entitlements can be aggegated?
What information can be aggregated from Confluence into SailPoint?
Provisioning Capabilities: What provisioning functionalities are supported? For example, can we create, disable, or update users and manage group memberships directly from SailPoint?
Is it possible to create new projects and roles or to create roles within a project?
Known Limitations: What are the major limitations of this integration? Are there specific features or types of data that are not supported?
Any insights, best practices, or past experiences with a SailPoint-Confluence integration would be incredibly helpful!
Thank you in advance
Connector Choice: There is no dedicated “Confluence” connector. The Atlassian Suite Cloud connector is the recommended approach for integrating with Confluence, Jira, and Jira Service Management. It supports reading and provisioning Atlassian users and groups, and manages access to Confluence by controlling group memberships that grant access to Confluence.
Supported Platforms: Both Atlassian Cloud and Data Center versions are supported (Confluence 8.9.3 for Data Center).
No Space/Group Linkage: APIs do not provide a way to link users, groups, and spaces together for contextual access governance. This limits the ability to govern space-level permissions directly from SailPoint. [API Enhanc…Spaces …
Entitlement Granularity: Only group memberships are managed for Confluence; finer-grained entitlements (like space permissions) are not exposed.
Bitbucket: The Atlassian Suite connector does not support Bitbucket management.
Email Privacy: Aggregation may be limited by Atlassian privacy settings (e.g., email visibility), which can affect account correlation. [Integratin…uite Cloud]
Provisioning Capabilities
Supported Actions:
User and Group Management: You can create, disable, and update users, and manage group memberships from SailPoint. This is the main provisioning capability for Confluence access.
Project/Role Creation: There is no support for creating new Confluence Spaces or roles within spaces via SailPoint. Provisioning is limited to user and group management.
How It Works: Provisioning is automatic for sources with direct connectors (like Atlassian Suite Cloud). You can configure attribute sync, lifecycle state-based access, and access profiles for automated provisioning. Provisioning Documentation
Aggregation
What Can Be Aggregated:
Users and Groups: The connector aggregates Atlassian users and groups. Group membership is the primary mechanism for managing access to Confluence.
Entitlements: The connector aggregates entitlements as group memberships. There is no explicit mention of aggregating Confluence Spaces or Space-level permissions as entitlements. ProjectRoles are supported for Jira, but for Confluence, the focus is on groups.
Spaces & Groups: Aggregation of Confluence Spaces and mapping group access to specific spaces is not natively supported—you can aggregate users, groups, and spaces individually, but there is no API to link users/groups to spaces directly in SailPoint.