Cegeka_Logo Careers Language Solutions Back
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

Digital Workplace Solution

Digital Employee Xperience

Your Digital Employee Xperience. Our Mission.

Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

Services Back
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

Industries Back
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries
government 1

Government and Public Sector

Digital transformation for smarter, citizen-focused public services.

energy_utilities 1

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

defense 1

Defense & Security

Mission-ready IT securing critical infrastructure and data sovereignty.

food 1

Food

Streamline operations, ensure traceability and maintain compliance.

finance 1

Finance & Insurance

Cloud-powered innovation for agile, secure financial services.

manufacturing 1

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

Insights Back
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

Cegeka Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy
About us Back
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us
Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

ESG at Cegeka

We turn ESG ambition into action via sustainable IT, carbon footprint reduction and an inclusive work environment.

Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

Back
Select language

Austria

Belgium

Belgium

Denmark

Germany

Italy

Romania

Sweden

The Netherlands

United Kingdom

United States

Let’s get in touch
Cegeka_Logo Solutions
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

Digital Workplace Solution

Digital Employee Xperience

Your Digital Employee Xperience. Our Mission.

Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

Services
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

Industries
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries
government 1

Government and Public Sector

Digital transformation for smarter, citizen-focused public services.

energy_utilities 1

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

defense 1

Defense & Security

Mission-ready IT securing critical infrastructure and data sovereignty.

food 1

Food

Streamline operations, ensure traceability and maintain compliance.

finance 1

Finance & Insurance

Cloud-powered innovation for agile, secure financial services.

manufacturing 1

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

Insights
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

Cegeka Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy
About us
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us
Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

ESG at Cegeka

We turn ESG ambition into action via sustainable IT, carbon footprint reduction and an inclusive work environment.

Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

Austria   Austria DE Belgium   Belgium NL Belgium   Belgium FR Denmark   Denmark EN Germany   Germany DE Italy   Italy IT Romania   Romania EN Sweden   Sweden EN The Netherlands   The Netherlands NL United Kingdom   United Kingdom EN United States   United States EN Careers Let’s get in touch
Home Discover our latest blogs Discover our latest blogs Enhancing Atlassian Security and Governance: Transitioning from Bot Users to Service Accounts
Quality Engineering
3 minutes reading

Enhancing Atlassian Security and Governance: Transitioning from Bot Users to Service Accounts

If you have ever inherited an old Jira or Confluence integration, you probably know the feeling: somewhere, a mysterious bot account is keeping the lights on, and nobody is completely sure who owns it. In this blog post I try to walk you through what changes when you move from those legacy bot users to Atlassian Service Accounts, and what I wish every team knew before starting the migration.

Bram Geukens

Bram Geukens

July 13, 2026

For years, the “Standard Operating Procedure” for Atlassian integrations was simple: create a fake user called jira_bot, buy it a license, and generate an API token that lasts indefinitely. It worked, it was convenient, and plenty of teams used it.

The shift from human “bot” accounts to purpose-built Service Accounts is not just a technical update; it is a move toward cleaner, more professional identity management. The catch is that it is often harder than it looks, because it forces you to rethink how your integrations are built and governed.

From "Bot Users" to Clean Governance

The old way of working often relied on “ghost identities”: human accounts used by machines or integrations. Today, this approach is generally considered outdated and no longer recommended, not only within Atlassian, but across many platforms and tools.

In practice, three problems kept coming back:

  • Companies were paying for seats that no human ever sat in.
  • Because these accounts were human, they could often bypass SSO or MFA, becoming permanent back doors.
  • When an integration broke, finding the person who created the token five years ago was often impossible.
The Service Account solution: Service Accounts are free of charge, cannot be used to log into the UI, and are managed centrally. In practice, they help turn integrations from “shadow IT” into governed corporate assets.

Why the Switch is Harder Than You Think

If a colleague asked me about the migration, this is what I would bring up first. Moving to Service Accounts changes how your integrations communicate, and unlike human API tokens, service account credentials follow a stricter routing and security model.

The URL transformation

Many development teams spend days debugging 404 Not Found errors because they try to use their old site URLs. Service Accounts cannot talk to <your-site>.atlassian.net. You must use the Global API Gateway: api.atlassian.com.

Legacy Bot User

  • Base URL: <your-site>.atlassian.net/rest/api/3/...

  • Routing: Direct to site

Service Account

  • Base URL: api.atlassian.com/ex/jira/{cloudId}/rest/api/3/...

  • Routing: Requires a Cloud ID lookup

Cloud ID = a unique GUID for your site.
Found by calling: GET https://<your-site>.atlassian.net/_edge/tenant_info

Immutable scopes

With legacy tokens, “admin” was “admin.” With Service Accounts, you must select specific API Scopes (like read:jira-work) during creation.

Scopes are immutable. Once a credential is created, its scopes cannot be modified. If an integration evolves and requires additional access, the existing credential must be revoked, a new one created, and the integration updated accordingly.

There are two common approaches to handle this:

  • Revoke the existing credential and issue a new one with the required scopes.

  • Maintain multiple credentials, each with a clearly defined and limited scope, aligned to specific use cases.

The dual-gate authorization model

A request must pass two independent gates:

  1. The Scope Gate (The Token): The created token itself has permission to perform the action (like read:jira-work)

  2. The Permission Gate (The Product): The Service Account must be explicitly added to Jira Project Roles or Confluence Space Permissions.

Implementation: API tokens vs. OAuth 2.0

Atlassian offers two ways to authenticate your Service Account.

Option A: API Tokens (Bearer Auth)

Static, scoped credentials linked to a service account, used for simple and direct API access.
Best suited for legacy tools or low-complexity integrations. Tokens expire between 1 and 365 days.

# Bearer Auth using the generated API Token

## URLs for API tokens with scopes for Jira 
curl -v \
  https://api.atlassian.com/ex/jira/{cloudId}/rest/api/3/project \
  -H "Authorization: Bearer my-api-token" \
  -H "Accept: application/json"

## URLs for API tokens with scopes for Confluence
curl -v \
  https://api.atlassian.com/ex/confluence/{cloudId}/wiki/rest/api/space \
  -H "Authorization: Bearer my-api-token" \
  -H "Accept: application/json"

Option B: OAuth 2.0 Credentials (Bearer Auth)

Dynamic, short-lived access tokens with enforced scopes, designed for secure and governed integrations.
This is the recommended standard for secure machine-to-machine communication.

# Step 1: Exchange credentials for a 60-minute token
curl --request POST \
  --url "https://api.atlassian.com/oauth/token" \
  --header "Content-Type: application/json" \
  --data '{
    "grant_type": "client_credentials",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  }'

# Step 2: Use the Access Token in the header
curl --request GET \
  --url "https://api.atlassian.com/ex/jira/YOUR_CLOUD_ID/rest/api/3/issue/PROJ-123" \
  --header "Authorization: Bearer YOUR_ACCESS_TOKEN"

Migration checklist

Refactoring your scripts requires managing new operational realities:

  • Tokens expire after a maximum of 365 days (API tokens) or 60 minutes (OAuth), so your code must handle rotation.
  • Document required scopes (e.g., read:issue:jira, write:comment:jira) before creation, because scopes lock once saved.
  •  If your token is valid but you get a 403, it's almost always a permission issue. Open the space settings and make sure the Service Account has been granted the right role.
  • Organizations needing more than five free service accounts should explore Atlassian Guard for advanced lifecycle management.

Key takeaway

The transition to Service Accounts moves from implicit trust to explicit control. While it requires more discipline upfront (mapping scopes, discovering Cloud IDs, and refactoring base URLs), it eliminates "zombie" licenses and strengthens your security posture. Treat your integrations as first-class services, and the security debt of the "bot user" era will become history.

Bram Geukens

Bram Geukens

More of Bram Geukens articles

Talk to an expert about securing your Atlassian integrations