Glean requires authentication to the Atlassian instance in order to fetch relevant information from Confluence and JIRA.
For Cloud Confluence/Jira, the Atlassian admin needs to install Glean’s Atlassian Connect apps to the instance. For On-prem Confluence/Jira authentication is done by creating a dedicated user account in Atlassian and authenticating with the username/password.
Glean understands all user access permissions and strictly enforces permissions for users at the time of the query which ensures that users are not able to see results which they do not have access to.
Note: Glean does not support issue-level security policies on Jira Datacenter due to limitations of their API.
It’s important to note that all data is stored in a GCP project inside the customer’s cloud account and no data leaves the customer's environment.
For JIRA, Glean indexes the following content:
For Confluence, Glean indexes the following content:
Comments - from both Pages and Blogs
For Service Management, Glean indexes the following content:
Requests / Tasks
Glean will use the standard API to ingest all data. For Service Management, Glean uses the Service Desk API to ingest request types.
In order to capture changes as quickly as possible, Glean will deploy a webhook which will send push notifications to an endpoint deployed in the GCP project (inside your cloud infrastructure).
In order to set up Atlassian connectors, administrator permissions are required.
The Jira/Confluence admin will install an Atlassian Marketplace app with Admin scope (Note that we need Admin scope to fetch permissions associated with Jira objects - this is required for correct permissions enforcement in the search experience) that will be used for indexing the content, and another Connect app that delivers webhooks to the customer’s Glean instance. Installing the Glean connect app for Confluence will allow the app to read all unrestricted pages in these spaces. It will not be able to read restricted pages unless the admin grants access to the Glean app for those pages.
Create a new user account that has access to all content in both JIRA and Confluence. Use this account to create an API token as listed below.
Please note: Atlassian does not have the ability to create a service account so you will need to create a new user account which will most likely require that your GSuite or SSO admin is also present so that they can create a new user in that system.
The user account needs to be an Administrator in Jira. This is needed to be able to enumerate all users who have Jira product access.
The user account needs “Administer Project” permissions for all Jira projects that need to be indexed.
The user accounts need to be added to all Confluence spaces that need to be indexed, and needs to be an admin in all those spaces (in order to be able to fetch the space permissions used to enforce permissions-aware search over Confluence)
In addition, please provide the IP address of the Server.
The Confluence admin can exclude indexing certain spaces by removing the Glean app/service account from the space permissions of those spaces. Similarly the Jira admin can exclude the Glean app/service account from indexing specific projects by removing it from those projects’ permissions settings. Additionally, more parameters can be specified via configuration (full list will be shared on request; these include parameters to whitelist/blacklist certain Confluence spaces or Jira projects, control full/incremental crawl rates, handling of restricted pages, selecting attributes/facets to index etc.)
For any questions or issues with this setup, please reach out to firstname.lastname@example.org.