Workflows

User Provisioning

• Create user account: admin.atlassian.com > User management > Invite users

- REST API: POST /rest/api/3/user with {"emailAddress": "...", "displayName": "...","products": [...]}

• Add to appropriate groups: admin.atlassian.com > User management > Groups > [group] > Add members
• Assign product access (Jira, Confluence) via admin.atlassian.com > Products > [product] > Access
• Configure default permissions per group scheme
• Send welcome email with onboarding info
• NOTIFY: Relevant team leads of new member
• VERIFY: Confirm user appears active at admin.atlassian.com/o/{orgId}/users and can log in

User Deprovisioning

• CRITICAL: Audit user's owned content and tickets

- Jira: GET /rest/api/3/search?jql=assignee={accountId} to find open issues - Confluence: GET /wiki/rest/api/user/{accountId}/property to find owned spaces/pages

• Reassign ownership of:

- Jira projects: Project settings > People > Change lead - Confluence spaces: Space settings > Overview > Edit space details - Open issues: bulk reassign via Jira > Issues > Bulk change - Filters and dashboards: transfer via User management > [user] > Managed content

• Remove from all groups: admin.atlassian.com > User management > [user] > Groups
• Revoke product access
• Deactivate account: admin.atlassian.com > User management > [user] > Deactivate

- REST API: DELETE /rest/api/3/user?accountId={accountId}

• VERIFY: Confirm GET /rest/api/3/user?accountId={accountId} returns "active": false
• Document deprovisioning in audit log
• USE: Jira Expert to reassign any remaining issues

Group Management

• Create groups: admin.atlassian.com > User management > Groups > Create group

- REST API: POST /rest/api/3/group with {"name": "..."} - Structure by: Teams (engineering, product, sales), Roles (admins, users, viewers), Projects (project-alpha-team)

• Define group purpose and membership criteria (document in Confluence)
• Assign default permissions per group
• Add users to appropriate groups
• VERIFY: Confirm group members via GET /rest/api/3/group/member?groupName={name}
• Regular review and cleanup (quarterly)
• USE: Confluence Expert to document group structure

Permission Scheme Design

Jira Permission Schemes (Jira Settings > Issues > Permission Schemes):

• Public Project: All users can view, members can edit
• Team Project: Team members full access, stakeholders view
• Restricted Project: Named individuals only
• Admin Project: Admins only

Confluence Permission Schemes (Confluence Admin > Space permissions):

• Public Space: All users view, space members edit
• Team Space: Team-specific access
• Personal Space: Individual user only
• Restricted Space: Named individuals and groups

Best Practices:

• Use groups, not individual permissions
• Principle of least privilege
• Regular permission audits
• Document permission rationale

SSO Configuration

• Choose identity provider (Okta, Azure AD, Google)
• Configure SAML settings: admin.atlassian.com > Security > SAML single sign-on > Add SAML configuration

- Set Entity ID, ACS URL, and X.509 certificate from IdP

• Test SSO with admin account (keep password login active during test)
• Test with regular user account
• Enable SSO for organization
• Enforce SSO: admin.atlassian.com > Security > Authentication policies > Enforce SSO
• Configure SCIM for auto-provisioning: admin.atlassian.com > User provisioning > [IdP] > Enable SCIM
• VERIFY: Confirm SSO flow succeeds and audit logs show saml.login.success events
• Monitor SSO logs: admin.atlassian.com > Security > Audit log > filter: SSO

Marketplace App Management

• Evaluate app need and security: check vendor's security self-assessment at marketplace.atlassian.com
• Review vendor security documentation (penetration test reports, SOC 2)
• Test app in sandbox environment
• Purchase or request trial: admin.atlassian.com > Billing > Manage subscriptions
• Install app: admin.atlassian.com > Products > [product] > Apps > Find new apps
• Configure app settings per vendor documentation
• Train users on app usage
• VERIFY: Confirm app appears in GET /rest/plugins/1.0/ and health check passes
• Monitor app performance and usage; review annually for continued need

System Performance Optimization

Jira (Jira Settings > System):

• Archive old projects: Project settings > Archive project
• Reindex: Jira Settings > System > Indexing > Full re-index
• Clean up unused workflows and schemes: Jira Settings > Issues > Workflows
• Monitor queue/thread counts: Jira Settings > System > System info

Confluence (Confluence Admin > Configuration):

• Archive inactive spaces: Space tools > Overview > Archive space
• Remove orphaned pages: Confluence Admin > Orphaned pages
• Monitor index and cache: Confluence Admin > Cache management

Monitoring Cadence:

• Daily health checks: admin.atlassian.com > Products > [product] > Health
• Weekly performance reports
• Monthly capacity planning
• Quarterly optimization reviews

Integration Setup

Common Integrations:

• Slack: Jira Settings > Apps > Slack integration — notifications for Jira and Confluence
• GitHub/Bitbucket: Jira Settings > Apps > DVCS accounts — link commits to issues
• Microsoft Teams: admin.atlassian.com > Apps > Microsoft Teams
• Zoom: Available via Marketplace app zoom-for-jira
• Salesforce: Via Marketplace app salesforce-connector

Configuration Steps:

• Review integration requirements and OAuth scopes needed
• Configure OAuth or API authentication (store tokens in secure vault, not plain text)
• Map fields and data flows
• Test integration thoroughly with sample data
• Document configuration in Confluence runbook
• Train users on integration features
• VERIFY: Confirm webhook delivery via Jira Settings > System > WebHooks > [webhook] > Test
• Monitor integration health via app-specific dashboards

Global Configuration

Jira Global Settings (Jira Settings > Issues)

Issue Types: Create and manage org-wide issue types; define issue type schemes; standardize across projects Workflows: Create global workflow templates via Workflows > Add workflow; manage workflow schemes Custom Fields: Create org-wide custom fields at Custom fields > Add custom field; manage field configurations and context Notification Schemes: Configure default notification rules; create custom notification schemes; manage email templates

Confluence Global Settings (Confluence Admin)

Blueprints & Templates: Create org-wide templates at Configuration > Global Templates and Blueprints; manage blueprint availability Themes & Appearance: Configure org branding at Configuration > Themes; customize logos and colors Macros: Enable/disable macros at Configuration > Macro usage; configure macro permissions

Security Settings (admin.atlassian.com > Security)

Authentication:

• Password policies: Security > Authentication policies > Edit
• Session timeout: Security > Session duration
• API token management: Security > API token controls

Data Residency: Configure data location at admin.atlassian.com > Data residency > Pin products

Audit Logs: admin.atlassian.com > Security > Audit log

• Enable comprehensive logging; export via GET /admin/v1/orgs/{orgId}/audit-log
• Retain per policy (minimum 7 years for SOC 2/GDPR compliance)

Governance & Policies

Access Governance

• Quarterly review of all user access: admin.atlassian.com > User management > Export users
• Verify user roles and permissions; remove inactive users
• Limit org admins to 2–3 individuals; audit admin actions monthly
• Require MFA for all admins: Security > Authentication policies > Require 2FA

Naming Conventions

Jira: Project keys 3–4 uppercase letters (PROJ, WEB); issue types Title Case; custom fields prefixed (CF: Story Points) Confluence: Spaces use Team/Project prefix (TEAM: Engineering); pages descriptive and consistent; labels lowercase, hyphen-separated

Change Management

Major Changes: Announce 2 weeks in advance; test in sandbox; create rollback plan; execute during off-peak; post-implementation review Minor Changes: Announce 48 hours in advance; document in change log; monitor for issues

Disaster Recovery

Backup Strategy

Jira & Confluence: Daily automated backups; weekly manual verification; 30-day retention; offsite storage

• Trigger manual backup: Jira Settings > System > Backup system / Confluence Admin > Backup and Restore

Recovery Testing: Quarterly recovery drills; document procedures; measure RTO and RPO

Incident Response

Severity Levels:

• P1 (Critical): System down — respond in 15 min
• P2 (High): Major feature broken — respond in 1 hour
• P3 (Medium): Minor issue — respond in 4 hours
• P4 (Low): Enhancement — respond in 24 hours

Response Steps:

• Acknowledge and log incident
• Assess impact and severity
• Communicate status to stakeholders
• Investigate root cause (check admin.atlassian.com > Products > [product] > Health and Atlassian Status Page)
• Implement fix
• VERIFY: Confirm resolution via affected user test and health check
• Post-mortem and lessons learned

Metrics & Reporting

System Health: Active users (daily/weekly/monthly), storage utilization, API rate limits, integration health, response times

• Export via: GET /admin/v1/orgs/{orgId}/users for user counts; product-specific analytics dashboards

Usage Analytics: Most active projects/spaces, content creation trends, user engagement, search patterns Compliance Metrics: User access review completion, security audit findings, failed login attempts, API token usage

Decision Framework & Handoff Protocols

Escalate to Atlassian Support: System outage, performance degradation org-wide, data loss/corruption, license/billing issues, complex migrations

Delegate to Product Experts:

• Jira Expert: Project-specific configuration
• Confluence Expert: Space-specific settings
• Scrum Master: Team workflow needs
• Senior PM: Strategic planning input

Involve Security Team: Security incidents, unusual access patterns, compliance audit preparation, new integration security review

TO Jira Expert: New global workflows, custom fields, permission schemes, or automation capabilities available TO Confluence Expert: New global templates, space permission schemes, blueprints, or macros configured TO Senior PM: Usage analytics, capacity planning insights, cost optimization, security compliance status TO Scrum Master: Team access provisioned, board configuration options, automation rules, integrations enabled FROM All Roles: User access requests, permission changes, app installation requests, configuration support, incident reports

Atlassian MCP Integration

Primary Tools: Jira MCP, Confluence MCP

Admin Operations:

• User and group management via API
• Bulk permission updates
• Configuration audits
• Usage reporting
• System health monitoring
• Automated compliance checks

Integration Points:

• Support all roles with admin capabilities
• Enable Jira Expert with global configurations
• Provide Confluence Expert with template management
• Ensure Senior PM has visibility into org health
• Enable Scrum Master with team provisioning