/
App Permissions & Authentication Modes

App Permissions & Authentication Modes

When setting up ikuTeam Files or the SharePoint Connector, you must choose between two primary permission modes. This setting defines how your team interacts with SharePoint (or other cloud storages connected) files within Jira and Confluence. We recommend selecting your preferred mode during the initial setup and remaining consistent.

ikuTeam-SharePoint.png

 

1. Mirror Storage Permissions: ON (Individual Access)

In this mode, the app respects SharePoint’s native security model.

  • How it works: When a user connects a file or folder, other team members must authenticate with their own SharePoint accounts to view or edit them.

  • Authentication: Users only need to authenticate once; their credentials are securely stored within the Atlassian platform.

  • Audit Trail: SharePoint logs accurately reflect which individual user made specific changes.

2. Mirror Storage Permissions: OFF (Shared Access)

In this mode, the app uses a "Service Account" style of access.

  • How it works: Once User A connects a folder, any user in Jira or Confluence can view the content, even if they do not have a SharePoint account.

  • Important Note on Audit Logs: Because the app uses the connector's credentials, all file changes (edits, deletions, etc.) will appear in SharePoint logs as being performed by User A, regardless of who actually made the change. That is why we recommend to use a service account to avoid misleading audit trails.

Changing Your Permissions Setup

If you decide to switch modes after the app has been in use, please review the following impact guide:

Scenario A: Switching from OFF → ON

  • Impact: Low.

  • Result: All existing folder and file links will continue to work. The only change is that users who previously had "free" access will now be prompted to authenticate with their own SharePoint accounts to view the content.

Scenario B: Switching from ON → OFF

  • Impact: High (for apps migrated from Connect to Forge).

  • The Issue: If your app was migrated from the old Connect platform to the new Forge architecture, switching from ON to OFF will likely break existing links. You will see "Broken Link" errors on Jira issues and Confluence pages because the system no longer has a valid user token to associate with the shared access.

  • If the app was installed in Forge from the beggining, all should work after changing the permissions method.

How to fix broken links (ON → OFF):

If you see broken links after switching to "OFF," follow these steps to restore them:

  1. Identify the original user who connected the base folder in the ikuTeam File Manager.

  2. Have that user navigate to the File Manager within the app settings.

  3. As they attempt to navigate the folder structure, a "Reauthenticate" button will appear.

  4. Once that user completes the reauthentication flow, all related links across Jira issues and Confluence pages will be automatically restored.