This is the documentation for Crucible 3.5. View the latest version of

Unknown macro: {spacejump}

or visit the latest Crucible documentation home page.

Application Links (sometimes called app links) is a bundled app that allows you to set up links, share information, and provide access to certain resources or functionality across multiple Atlassian products. We recommend using OAuth authentication for application links because of the greater security inherent with that protocol. We no longer recommend the Trusted Applications and Basic authentication types.

  1. Click the 'cog' menu in the Crucible header, and choose Administration. You need to be logged in as an administrator to see this.
  2. Choose Application Links in the left-hand panel. The Application Links configuration page displays links that have already been set up.
  3. Enter the URL of the application you want to link to, then select Create new link.

    Cloud to Cloud integration

    When adding the Cloud URL, use the https://instance.atlassian.net. If the https:// is not used, the link will not be completed.


    • If you check The servers have the same set of users..., then this link will be configured using OAuth (with impersonation) authentication.
    • If you are not an admin on both servers you won't be able to set up a 2-way (reciprocal) application link. If you want to go ahead and create a 1-way link anyway, clear the I am an administrator on both instances checkbox.

  4. Use the wizard to finish configuring the link. If the application you are linking to does not have the Application Links plugin, you must supply additional information to set up a link with OAuth authentication.

When you complete the wizard, the Application Links plugin will create the link between your applications using the most secure authentication method that is supported between the two applications. See the Application Links User Guide for more information.

The new link will appear on the Configure Application Links page, where you can:

Impersonating and Non-Impersonating Authentication Types

OAuth authentication

OAuth authentication redirects a user to log in to the remote application, after which tokens generated on their behalf are used to authorize requests made from the local application. The remote application handling the request uses the access permissions of the account with which the user logged in on that remote application.

Typical scenarios include:

  • You are setting up an application link between two applications that do not share the same set of users.
  • You want to continue using a link to an application that now allows public sign-on and the link was previously configured with a shared userbase. You can update your application link by changing OAuth (impersonation) to OAuth when editing the application link.

See OAuth security for application links for more information.

OAuth with impersonation

Atlassian OAuth with impersonation makes it easy for your users to benefit from the deep integrations between Atlasssian applications:

  • they're automatically authenticated on the other application and don't get asked to authorize requests.
  • they'll only see the information that they have permission to see. 

Impersonating authentication makes requests on behalf of the user who is currently logged in.

Note that Atlassian OAuth with impersonation can only be used for application links between Atlassian applications. Furthermore, it should only be used when the two applications share the same userbase, typically managed with an external directory using LDAP.

A typical scenario is:

  • You've set up an application link but your users still have to authenticate regularly. This can occur when the application link has been configured to not share the same userbase. If those applications do share the same userbase, you can update your application link by selecting OAuth (impersonation) when editing the application link.

See OAuth security for application links for more information.

  • No labels