- Type: Suggestion
- Resolution: Unresolved
- Component/s: API - Model Context Protocol
Problem Statement
Currently, there is no way for organization admins to limit access to Rovo MCP (Model Context Protocol) based on user authentication type. Organizations that use SSO (Single Sign-On) to manage their internal users need the ability to ensure that Rovo MCP is only accessible to those authenticated internal users, while being disabled or restricted for external/guest users who access Jira through other means.
Proposed Solution
Provide an admin-level control, ideally within Atlassian Administration or Rovo Settings, that allows organizations to:
1. Restrict Rovo MCP access to users authenticated via the organization's configured SSO provider only
2. Disable Rovo MCP for external collaborators, guests, or users not authenticated through SSO
3. Optionally, provide granular group-based controls so admins can define exactly which user groups have access to Rovo MCP
Use Case / Business Justification
• Organizations with strict data governance and security policies need to ensure that AI-powered MCP capabilities are not accessible to external users or contractors who may have limited access to Jira
• Compliance requirements in regulated industries (e.g., finance, healthcare, legal) may mandate that AI tools are restricted to verified internal employees only
• Reduces the risk of sensitive organizational data being exposed to external parties through MCP-powered AI interactions
- causes PCS-3767912