Monitor Atlassian Rovo MCP server activity
As an administrator of Atlassian apps, you may be concerned about MCP (Model Context Protocol) servers gaining access to your data. Atlassian provides some tools that can help you control which AI tools can access your site’s data.
Who can do this? |
Options to monitor and manage MCP activity
The following table contains details of what’s currently covered.
Function | Location | Description | More info |
|---|---|---|---|
For visibility MCP tool invocation logging | Atlassian Administration > Insights > Audit log Filter for Rovo MCP User Actions or search MCP | Every time a tool is used through the Atlassian Rovo MCP server, an event is recorded in your organization’s audit log. Each entry includes the tool name, action, and user who performed it. Currently, only tool invocations using OAuth are logged. | |
For visibility An OAuth app is installed for the first time (Requires Guard Standard) | Atlassian Administration > Insights > Audit log Type MCP in the search field. | Audit logs show when and which user used OAuth to authorize using the Atlassian Remote MCP server (which will automatically install the Atlassian MCP app). Note: If additional users authorize the app, they do not appear in the audit log. | |
For control Block/allow user-based OAuth connections | Atlassian Administration > Apps > Sites (select a site) > Site settings > Connected apps > Settings tab | Prevent users from installing any OAuth apps completely. This is a blanket setting. | |
For control Data security policy to prevent app access via spaces and projects (Requires Guard Standard) | Atlassian Administration > Security > Data security policies | You can restrict the installation of the Atlassian Rovo MCP app from spaces and projects. |
Was this helpful?