> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up the Confluence MCP server

> Connect Confluence to C1 with per-user OAuth, then register the Confluence MCP server and govern the tools it exposes.

<Note>
  **Activation required.** AI access management must be enabled for your tenant before you can use it. To get started, [contact the C1 support team](mailto:support@c1.ai) for a walkthrough.
</Note>

The Confluence MCP server lets you govern access to Confluence Cloud — pages, blog posts, spaces, comments, attachments, whiteboards, groups, and users — as tools your AI clients can call through C1.

Confluence uses per-user OAuth, which is recommended: each person authorizes with their own Atlassian account, so every tool call runs under that user's identity and permissions.

## How C1 connects to Confluence

C1 hosts the Confluence MCP server, so your users' AI clients only ever see MCP tools — they never call Confluence directly. When an AI client calls one of these tools, C1 makes the matching request to the Confluence API using the credentials you configure here, then returns the result to the AI client.

The credentials you set up below are what C1 uses to call Confluence on your users' behalf.

## Before you begin

* AI access management must be enabled for your tenant. See [Enable AI access management](/product/admin/enable-ai-access-management).
* An Atlassian account that can create an OAuth 2.0 integration. See Atlassian's [OAuth 2.0 (3LO) apps guide](https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/).

<Note>
  If you don't see **Confluence** in your MCP server catalog, [contact the C1 support team](mailto:support@c1.ai) to enable it for your tenant.
</Note>

## Create an Atlassian OAuth 2.0 integration

With per-user OAuth, you register one Atlassian OAuth 2.0 (3LO) integration and each user authorizes individually. This keeps every action attributable to the user who took it, with only the access that user already has in Confluence.

<Steps>
  <Step>
    Sign in to the Atlassian Developer Console with your Atlassian account. For the full walkthrough, see Atlassian's [OAuth 2.0 (3LO) apps guide](https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/).
  </Step>

  <Step>
    Select **Create** > **OAuth 2.0 integration**, enter a recognizable name such as `C1`, then select **Create**.
  </Step>

  <Step>
    Open the **Permissions** tab. Next to **Confluence API**, select **Add**, then **Configure**, and add the Confluence scopes C1 needs for the operations you plan to govern, such as reading pages, spaces, and users.
  </Step>

  <Step>
    Open the **Authorization** tab. Next to **OAuth 2.0 (3LO)**, select **Configure** and set the **Callback URL** exactly to:

    ```
    https://accounts.conductor.one/auth/callback
    ```

    Select **Save changes**.
  </Step>

  <Step>
    Open the **Settings** tab. Under **Authentication details**, copy the **Client ID** and the **Secret**. Reveal the secret to copy it, and treat it as a high-value credential.
  </Step>
</Steps>

## How Confluence credentials are shared

With per-user OAuth, each user authorizes with their own Atlassian account, so tool calls run under that user's Confluence identity and inherit only the access they already have. Atlassian attributes each action to the individual user.

For how shared and per-user credentials work across MCP servers, see [Configure authentication](/product/admin/mcp-servers#configure-authentication).

## Register the Confluence MCP server in C1

With your OAuth 2.0 integration ready, register the server and provide its credentials.

<Steps>
  <Step>
    Follow [Register an MCP server](/product/admin/mcp-servers#register-an-mcp-server) and select **Confluence** from the catalog.
  </Step>

  <Step>
    When you [configure authentication](/product/admin/mcp-servers#configure-authentication), choose per-user OAuth and enter your integration's **client ID** and **client secret**.
  </Step>

  <Step>
    Save your changes. The first time a user calls a Confluence tool from their AI client, they're prompted to connect their Atlassian account.
  </Step>
</Steps>

## Discover and govern tools

After you register the server, C1 runs tool discovery against Confluence. Discovered tools appear on the server's **Tools** tab.

Each tool starts as either **Pending review** or automatically **Approved**, depending on the option chosen when the server was set up or your tenant's default tool settings in **Settings** > **AI Connections**. See [Require tool approval](/product/admin/enable-ai-access-management#require-tool-approval) and [Default tool classification](/product/admin/enable-ai-access-management#default-tool-classification).

Before anyone can call a Confluence tool, it must be approved, added to a toolset, and bound to an access profile. Continue to [Govern tools and toolsets](/product/admin/tools-and-toolsets) to set this up.

<Note>
  Tool discovery runs even if your credentials are incorrect, so seeing discovered tools doesn't confirm that authentication is working. You confirm your Confluence credentials when an approved user successfully calls a Confluence tool from their AI client.
</Note>

## Manage your Confluence credentials

* **Rotate the OAuth client secret** in the Atlassian Developer Console under your integration's **Settings** tab, then update the secret on the server's authentication settings in C1.
* **Adjust access** by editing the integration's Confluence scopes on the **Permissions** tab in the Atlassian Developer Console.