The official Atlassian Rovo MCP Server is a cloud-based bridge between your Atlassian Cloud site and compatible external tools. Once configured, it enables those tools to interact with Jira, Confluence, Jira Service Management, Bitbucket, and Compass data in real time. Authentication uses OAuth 2.1 or API tokens, so every action respects the user's existing access controls.
With the Atlassian Rovo MCP Server, you can:
- Summarize and search Jira, Confluence, Jira Service Management, and Bitbucket content without switching tools.
- Create and update issues or pages based on natural language commands.
- Automate repetitive work, like generating tickets from meeting notes or specs.
It's built for developers, content creators, and project teams who work in IDEs or AI tools and want to use Atlassian data without constantly switching context.
Contents
- Supported clients
- Supported products and tools
- Before you start
- Data and security
- How it works
- Example workflows
- Tips and tricks
- Admin notes: managing access
- Security
- Support and feedback
- Disclaimer
Supported clients
The Atlassian Rovo MCP Server works with a growing list of MCP-compatible clients:
| Client | Setup reference |
|---|---|
| OpenAI ChatGPT | Connectors / MCP guide |
| Claude (Claude.ai, Desktop, and Code) | Claude MCP docs |
| Cursor | Atlassian on the Cursor marketplace |
| Visual Studio Code (GitHub Copilot) | VS Code MCP docs |
| GitHub Copilot CLI | About Copilot CLI |
| Google Gemini CLI | Gemini CLI MCP docs |
| Amazon Quick Suite | MCP integration guide |
The Atlassian Rovo MCP Server also supports any local MCP-compatible client that can run on localhost and connect to the server via the mcp-remote proxy. This enables custom or third-party integrations that follow the MCP specification.
[!TIP] For the current, canonical list of supported clients and step-by-step setup, see Getting started with the Atlassian Rovo MCP Server. You can also refer to your client's own MCP documentation or built-in assistant.
Supported products and tools
Tools are organized by product and intent (read, write, or search). Organization admins grant or revoke access at the permission-group level, and each tool inherits the access of its parent group.
| Product | Permission groups | OAuth 2.1 | API token |
|---|---|---|---|
| Jira | read · write · search | ✅ | ✅ |
| Confluence | read · write · search | ✅ | ✅ |
| Jira Service Management | read · write | — | ✅ (only) |
| Bitbucket Cloud | read · write | — | ✅ (scoped, only) |
| Compass | read · write | ✅ (only) | — |
| Atlassian platform | read_teamwork_graph · search_atlassian | ✅ | ✅ |
[!NOTE] Jira Service Management and Bitbucket Cloud tools are available only via API token authentication, while Compass tools are available only via OAuth 2.1. For the complete, current tool reference, see Supported tools.
Before you start
Check that your environment meets these requirements before you set up the server.
Prerequisites
The requirements depend on how you connect:
For supported clients
- An Atlassian Cloud site with one or more of Jira, Confluence, Jira Service Management, Bitbucket, or Compass
- Access to the client of choice
- A modern browser to complete the OAuth 2.1 authorization flow, or API token credentials for headless authentication
For IDEs or local clients (desktop setup)
- An Atlassian Cloud site with one or more supported products
- A supported IDE (for example, Claude Desktop, VS Code, or Cursor) or a custom MCP-compatible client
- Node.js v18+ installed to run the local MCP proxy (
mcp-remote) - A modern browser for completing OAuth login, or API token credentials for headless authentication
Data and security
The server enforces several security controls:
- All traffic is encrypted in transit over HTTPS (TLS 1.2 or later), per Atlassian's security practices.
- OAuth 2.1 and API token authentication provide secure access control.
- Data access respects Jira, Confluence, Jira Service Management, Bitbucket, and Compass user permissions.
- If your organization uses IP allowlisting for Atlassian Cloud products, tool calls made through the Atlassian Rovo MCP Server also honor those IP rules.
For a deeper overview of the security model and admin controls, see:
How it works
Architecture and communication
-
A supported client connects to the server endpoint. The recommended endpoint for most clients is:
https://mcp.atlassian.com/v1/mcp/authv2The
https://mcp.atlassian.com/v1/mcpendpoint is also supported (for example, for API token configurations). -
Depending on your setup, a secure browser-based OAuth 2.1 flow is triggered, or API token authentication is used.
-
Once authorized, the client streams contextual data and receives real-time responses from your connected Atlassian products.
[!NOTE] The legacy Server-Sent Events endpoint (
https://mcp.atlassian.com/v1/sse) is still supported, but we recommend updating any custom clients configured to use/sseso they now point to/mcp(or/mcp/authv2).
Permission management
Access is granted only to data that the user already has permission to view in Atlassian Cloud. All actions respect existing project or space-level roles. OAuth and API token authentication both honor configured scopes and Atlassian permissions.
API token authentication (headless)
API token authentication is available for headless, service-style, or non-interactive client setups (for example, backend systems or automations). It is also required for Jira Service Management and Bitbucket Cloud tools.
- Admin enablement required: An organization admin must enable API token authentication for the Rovo MCP Server (Atlassian Administration → Rovo → Rovo MCP server → Authentication).
- Scoped token required: Create a personal API t
…