Last updated Jul 15, 2025

Adopt Forge from Connect on AGC

Only Forge apps can be installed on AGC sites. As such, to support customers in AGC, existing Connect apps need to adopt Forge.

This page describes the AGC-specific changes you need to apply to a Connect app that is currently being adopted to Forge. See How to adopt Forge from Connect for detailed information about converting a Connect app to Forge.

Your app.connect.key in AGC must be the same as your commercial app's. If these keys differ, your app will not be licensed correctly.

Before you begin

Before you start configuring your Connect-on-Forge app for AGC, update first to the latest Connect app framework version:

Apps using these frameworks recognise federal tenants based on its baseURL, which follows the patterns *.atlassian-us-gov-mod.net, *.atlassian-us-gov-mod.com, or similar. These frameworks will use the appropriate federal instances of our services automatically.

Using an outdated framework version will result in forge install errors like LIFECYCLE_HOOK_FAILED.

If you're using your own approach to building your app, you'll need to use a similar strategy to that used by these frameworks. You can inspect the code for these frameworks to determine the change appropriate to your build. If you block install attempts for tenant baseURLs outside of a small acceptable set, you'll need to add the new AGC tenant pattern to that set.

Update AGC URLs

An AGC app should be configured to use the appropriate federal URLs of Atlassian services.

Installation key server

When your app is installed in an AGC tenant, the initial app installation call will be signed with a private key from the key server, for example: https://connect-install-keys.atlassian-us-gov-mod.com. You'll need to use this key server to verify that the installation is correctly signed. Alternatively, you can also use https://asap-distribution.us-west-2.prod.atl-auth-us-gov-mod.net for this purpose.

Impersonation token

If your app has the ACT_AS_USER scope and you wish to allocate an impersonation authorization token to it, your app will need to request that token from https://oauth-2-authorization-server.services.atlassian-us-gov-mod.com.

Client library

Your app's front end will need to load the Atlassian Connect JavaScript client library from a dedicated CDN at https://connect-alljs-cdn-bifrost.frontend.cdn.atlassian-us-gov-mod.com/assets/all.js.

Configure security policy

Your app must enable the Content Security Policy header. To do this, include https://*.cdn.atlassian-us-gov-mod.com as a trusted source for script-src and style-src. This will allow your Connect app to load the required resources from the Connect CDN.

Rate this page: