> ## Documentation Index > Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Set up a Bamboo connector > C1 provides identity governance for Atlassian Bamboo. Integrate your Bamboo Data Center instance with C1 for unified visibility and governance over administrative and privileged access. C1 provides identity governance for Atlassian Bamboo (Data Center / self-hosted). Integrate your Bamboo instance with C1 for unified visibility and governance over administrative and privileged access. ## Capabilities | Resource | Sync | Provision | | ------------------- | ------------------------------------------------------------- | --------- | | Users | | | | Groups | | | | Global | | | | Projects | | | | Plans | | | | Deployment projects | | | | Environments | | | ## Gather Bamboo credentials The Bamboo connector is read-only. The account must hold the global Administration permission so it can read permissions across every scope. Sign in to your Bamboo Data Center instance as a Bamboo administrator. Create a Personal Access Token under your profile menu > **Personal access tokens** > **Create token**. Copy the token value. Note your Bamboo base URL, for example `https://bamboo.example.com`. The REST API is served from `/rest/api/latest`. If your instance cannot issue Personal Access Tokens, you may instead supply an administrator username and password for HTTP Basic authentication. ## Configuration fields | Field | Required | Description | | ----------------- | -------- | ---------------------------------------------------------------------------------------------- | | `bamboo-base-url` | Yes | Base URL of the Bamboo instance, without a trailing slash (e.g. `https://bamboo.example.com`). | | `bamboo-token` | No | Personal Access Token, sent as `Authorization: Bearer `. Preferred. | | `bamboo-username` | No | Username for HTTP Basic auth. Used only when no Personal Access Token is supplied. | | `bamboo-password` | No | Password for HTTP Basic auth. Used only when no Personal Access Token is supplied. | Supply either a Personal Access Token, or a username and password — not both. When a username is set the connector uses HTTP Basic auth; otherwise it uses the Personal Access Token. ## Synced resource types * **Users** and **Groups**: the principals that hold permissions, surfaced from the global permissions endpoints. Bamboo has no full user-directory REST endpoint, so principals are discovered through the permissions API. * **Global**, **Projects**, **Plans**, **Deployment projects**, and **Environments**: each scope is a permission-bearing resource. Every scope exposes its permission set as entitlements, and a grant is emitted for each user or group that holds a permission on that resource: * Global: `ADMINISTRATION`, `RESTRICTED_ADMINISTRATION`, `CREATE_PLAN`, `CREATE_REPOSITORY` * Project: `CREATE`, `BUILD`, `CLONE`, `EDIT`, `ADMINISTRATION`, `VIEW` * Plan: `VIEW`, `EDIT`, `BUILD`, `CLONE`, `ADMINISTRATION` * Deployment: `VIEW`, `EDIT`, `DEPLOY`, `ADMINISTRATION` * Environment: `VIEW`, `EDIT`, `DEPLOY`, `ADMINISTRATION` ## Special notes * **Group membership rosters are not synced.** Bamboo Data Center delegates group membership (which users belong to each group) to its external Crowd/LDAP directory; the Bamboo REST API does not expose it. Groups are therefore modeled as permission principals — each group appears as a resource and receives the permission grants assigned to it, but its individual members are not enumerated. * Users and groups are discovered through the permissions API rather than a directory listing, because Bamboo exposes no full user-directory endpoint. * The connector is read-only; it does not provision access.