# Confluence Integration ### Overview The Confluence integration allows you to automate evidence collection for: * **Access Reviews** — Monitor user access, roles, and authentication controls * **Policy Checks** — Validate policy-related configurations and documentation Sprinto supports multiple authentication methods depending on the use case: * OAuth 2.0 (recommended for Access Reviews) * OAuth 2.0 Client Credentials * API Token-based authentication (used for Policy checks) *** ### How It Works Once connected, Sprinto securely fetches user, group, and configuration data from Confluence to evaluate compliance controls. * For **Access Reviews**, Sprinto retrieves: * Users and roles * Group memberships * MFA (2FA) status * For **Policy checks**, Sprinto retrieves: * Confluence pages and related metadata Sprinto continuously syncs this data and evaluates it against mapped compliance controls. #### Sprinto checks for Confluence integration Following are the available Sprinto checks for various Confluence integration types: Policies management
Sprinto checkReference procedure
Document should be set up

The following Sprinto check starts failing if there is no document set up on the Sprinto account.

How to fix: To pass this Sprinto check, you can set up the required policies per your activated framework.

Access review
Sprinto checkReference procedure
Confluence access should be removed for offboarded userHow to fix
User should be identifiedHow to fix
User access to critical system should be validHow to fix
### Permissions Required #### Access Review (OAuth-based) When using OAuth 2.0, Sprinto requests the following scopes: * `offline_access` — Maintain persistent access without repeated authentication * `read:confluence-user` — Read user details * `read:confluence-groups` — Read group memberships * `read:content-details:confluence` — Access content metadata These permissions enable Sprinto to assess user access and enforce access-related controls. *** #### Policy Checks (API Token-based) For policy validation, Sprinto uses an API token with: * **Full read access** to Confluence content This allows Sprinto to: * Fetch pages * Validate presence and structure of policy documentation *** ### Supported Authentication Methods
Use CaseAuthentication Method
Access ReviewOAuth 2.0 (Recommended)
Access ReviewOAuth 2.0 Client Credentials
Policy ChecksAPI Token
*** ### Setup Instructions #### Step 1: Navigate to Integration 1. Log in to the Sprinto dashboard. 2. Go to **Settings → Integrations.** 3. Search for **Confluence.** 4. Click **Connect.**
*** #### Step 2: Choose Integration Type You will see two options: * **Access Review** * **Policy**
You can set up one or both based on your requirements. *** ### Set Up Access Review #### Option 1: OAuth 2.0 (Recommended) 1. Click **Connect** under Access Review. 2. Review permissions and click **Next.**
3. Select the **I have admin access to my Confluence account** check box**.** 4. Click **Connect to Confluence**.
5. Select **OAuth 2.0.**
6. Review the permissions required. 7. Click **Connect**.
8. Log in via Atlassian and grant access. 9. Complete the connection. *** #### Option 2: OAuth 2.0 Client Credentials 1. Click **Connect** under Access Review. 2. Select **OAuth 2.0 Client Credentials.** 3. Enter your Client ID & Client Secret. [Know more](https://truto.notion.site/Confluence-321ac512f5a580c3a07cd114f693b807) about where you can find this information.
4. Click **Connect.** *** ### Set Up Policy Integration #### Step 1: Generate API Token 1. Go to **Atlassian API Tokens.** 2. Click **Create API token.** 3. Enter a label (for example, *Sprinto API Token*). 4. Copy the generated token. *** #### Step 2: Connect in Sprinto 1. Follow [these steps](#step-1-navigate-to-integration) to navigate to Confluence Integration. 2. Click **Connect** under Policy. 3. Review permissions and click **Next.**
4. Select the **I have the credentials** check box. 5. Click **Connect Confluence**.
4. Enter: * **Confluence domain** (for example, `yourcompany.atlassian.net`) * **Username (email)** * **API token** 5. Click **Connect Confluence.** 6. Refer to [sync documents from Confluence](https://docs.sprinto.com/policies/dashboard-actions/sync-policies-and-documents-from-confluence) for detailed instructions.
*** ### Post-Connection Setup After successfully connecting Confluence: #### For Access Review 1. Navigate to **Access → Overview.** 2. Click **Add Critical System.** 3. Search for **Confluence.** 4. Add the system to begin monitoring. *** #### Sync and Evaluation * Initial data sync may take a few hours * Controls are evaluated automatically after sync * Evidence is refreshed periodically based on monitoring schedules *** ### Support Please contact [Sprinto Support](mailto:www.support@sprinto.com) If you have any queries related to the integration or need any assistance.