Skip to content
MCP

Chapter 8 Β· Integrate & Ship

Copilot Studio & Atlassian OAuth Setup

Connect the pieces a user actually sees: create an Atlassian OAuth app, import the MCP connector into Power Platform, and add it to a Copilot Studio agent so a person can sign in and use your tools.

🎯 What you'll be able to do

  • Create an Atlassian OAuth 2.0 app with the right scopes and callback
  • Explain why offline_access is required
  • Import the MCP connector with the correct host and security settings
  • Add the connector to a Copilot Studio agent and test it

Create the Atlassian OAuth app

In the Atlassian Developer Console:

  1. Create an OAuth 2.0 integration.
  2. Add Jira API permissions.
  3. Add scopes: read:jira-work, read:jira-user, write:jira-work, offline_access.
  4. Set the callback URL:
Text
https://global.consent.azure-apim.net/redirect
Note
For sovereign clouds, use the matching Power Platform redirect host. The Client ID and Client Secret are entered in the Copilot Studio / Power Platform connector β€” they are not stored in the MCP server.

Why offline_access is needed

Why this matters
Power Platform needs to refresh the user's Atlassian access token. Without offline_access, the user may have to reauthenticate too frequently, or the connector may fail once the short-lived access token expires. Adding it lets the platform obtain a refresh token and keep the connection working.

Import the MCP connector

Edit openapi\\mcp-connector.swagger.json and replace the host placeholder with your APIM host:

JSON
"host": "REPLACE-WITH-APIM-NAME.azure-api.net"

Keep the base path aligned with APIM, and keep the agentic-protocol extension:

JSON
"basePath": "/jira-mcp"
"x-ms-agentic-protocol": "mcp-streamable-1.0"

Import the Swagger as a custom connector and configure security:

SettingValue
Identity providerGeneric OAuth 2
Authorization URLhttps://auth.atlassian.com/authorize
Token URLhttps://auth.atlassian.com/oauth/token
Refresh URLhttps://auth.atlassian.com/oauth/token
Scoperead:jira-work read:jira-user write:jira-work offline_access

Add the connector to a Copilot Studio agent

  1. Open the target agent.
  2. Go to tools.
  3. Add a Model Context Protocol tool.
  4. Select the custom connector.
  5. Create a connection and sign in to Atlassian.
  6. Let Copilot Studio discover the tools.

Test prompts:

PromptExpected tool
"Who am I in Jira?"jira_whoami
"Find my open Jira issues."jira_search
"List projects I can see in Jira."jira_get_projects
"Create a task in PROJ called Test from Copilot."jira_create_issue

❓ Concept check

A user connects successfully and jira_whoami works, but an hour later every call fails until they reconnect. Which scope is most likely missing, and why?

β–Ά Watch to reinforce this conceptOptional supplement

Recommended video needed

No specific video is linked here on purpose β€” we don't invent URLs. Search an official source (Microsoft, Azure, Atlassian, GitHub, VS Code, Python, or Model Context Protocol) using:

Copilot Studio add Model Context Protocol tool custom connector (Microsoft official)

Reinforces
Adding an MCP / custom connector tool to a Copilot Studio agent
Level
intermediate
Why it helps: An official Microsoft walkthrough of the Copilot Studio tools UI removes guesswork from the connection and consent steps.

πŸ“Œ Chapter summary

  • The Atlassian app needs scopes read:jira-work, read:jira-user, write:jira-work, and offline_access.
  • Client ID and secret live in the connector β€” never in the MCP server.
  • Keep x-ms-agentic-protocol when importing, and set the generic OAuth 2 URLs.

βœ… End-of-chapter review

0/5 done