Atlassian Rovo MCP server in Copilot Studio after the SSE sunset

July 14, 2026

Atlassian’s Rovo MCP server gives Copilot Studio agents direct access to Jira, Confluence, and Compass — JQL search, issue creation, page lookups — without a custom connector. The Copilot Studio CAT team published the original walkthrough in May 2026 using https://mcp.atlassian.com/v1/sse. That endpoint was sunset on June 30, 2026. The admin UI and permissions model have also changed.

This post documents the current state: the correct endpoint for Copilot Studio, the updated admin prerequisites, and the scope mismatch between what Atlassian’s docs recommend and what actually works.

Server URL: /v1/mcp, not /v1/mcp/authv2

Atlassian’s docs recommend this endpoint for MCP clients:

https://mcp.atlassian.com/v1/mcp/authv2

That works for Claude, Cursor, and other clients. Copilot Studio’s Dynamic discovery flow requires a different endpoint:

https://mcp.atlassian.com/v1/mcp

The difference is scope negotiation. /authv2 grants :agent-interface scopes during Dynamic Client Registration. Those scopes don’t match what the Jira and Confluence tools expect at runtime. The result: getAccessibleAtlassianResources succeeds (it only needs read:account and read:me), but searchJiraIssuesUsingJql, createJiraIssue, and every other useful tool call returns 401 “scope does not match.”

/v1/mcp grants the correct scopes — read:jira-work, write:jira-work, search:confluence, and others — and works with Dynamic discovery.

Endpoint Scopes granted Works in Copilot Studio
/v1/sse Correct No (sunset June 30, 2026)
/v1/mcp/authv2 :agent-interface No (401 on tool calls)
/v1/mcp read:jira-work, write:jira-work, search:* Yes

Admin prerequisites

Atlassian consolidated the admin UI and added a permissions layer. Six prerequisites must be in place before the Copilot Studio side works.

# Prerequisite Where to check Notes
1 Atlassian Cloud site Your URL is *.atlassian.net Server and Data Center don’t support Remote MCP
2 Rovo MCP server enabled Atlassian Administration > Rovo > Rovo MCP server Single settings page — Rovo activation and MCP enablement are no longer separate toggles. Rovo Free doesn’t support MCP tool execution; Standard (Beta) or higher is required
3 Domain allowlisting permits Copilot Studio Same Rovo MCP server page Default “Atlassian-supported domains” already includes global.consent.azure-apim.net and token.botframework.com. If your org locked down to an explicit allowlist, add https://global.consent.azure-apim.net/**
4 IP allowlists include the user’s network Atlassian Administration (org-level) IP allowlisting applies to MCP connections. The consent screen still renders for blocked IPs, but tool calls fail
5 MCP server permissions allow Read + Search Rovo MCP server > Permissions tab New since the original post. Three permission types: Read, Write, Search. Use Edit details for per-app control
6 Test user has product access Atlassian Administration > Apps > Atlassian Apps Without a Jira/Confluence/Compass seat, the server returns an empty resource list

Two timing notes on prerequisite 2:

  • Plan changes can take 24–48 hours to propagate. During that window, getAccessibleAtlassianResources works but all Jira, Confluence, and Search tools return 401.
  • After upgrading plans, revoke the old app consent at id.atlassian.com/manage-profile/apps and create a fresh connection.

Copilot Studio setup

The Copilot Studio side is unchanged from the original walkthrough. The only difference is the URL.

  1. Add a tool > Model Context Protocol > New tool
  2. Server URL: https://mcp.atlassian.com/v1/mcp
  3. Authentication: Dynamic discovery
  4. Create the connection (first-time consent)
  5. Activate the connection and click Add and configure
  6. Test: “List the Jira sites I have access to” → “Find all open issues in my Jira site”
  7. Publish

Common failures

Symptom Cause Fix
getAccessibleAtlassianResources works, all other tools return 401 “scope does not match” Using /v1/mcp/authv2 endpoint Change server URL to /v1/mcp
Same 401 pattern after switching to /v1/mcp Rovo Free plan, or plan upgrade hasn’t propagated Upgrade to Standard; wait 24–48 hours; revoke old consent and re-create connection
No tools discovered Admin toggle off, or domain blocked Verify Rovo MCP server is enabled and domain allowlist includes Copilot Studio
Tools discovered but every call returns “Access denied… not authorized the search permission” MCP server Permissions tab has Search blocked Enable Read + Search in Rovo MCP server > Permissions
Consent screen appears but tool calls return permissions error IP allowlisting blocks the user’s network Add egress IPs to the org allowlist
401 “scope mismatch” after initially working connection Dynamic Client Registration didn’t request full scope set Delete the connection in Power Platform and re-create it
Empty resource list, agent has no tools to call Test user lacks Jira/Confluence/Compass product access Grant product access under Atlassian Administration

What changed from the original post

Area May 2026 (original) July 2026 (current)
Server URL https://mcp.atlassian.com/v1/sse https://mcp.atlassian.com/v1/mcp
Protocol Server-Sent Events Streamable HTTP
Admin path Separate Rovo toggle + Products > Remote MCP server Single page: Atlassian Administration > Rovo > Rovo MCP server
Domain control Security > External app policies Rovo MCP server settings > domain allowlist
Permissions Not configurable Permissions tab — Read, Write, Search per app
Prerequisites 5 6

References

results matching ""

    No results matching ""