Only Forge apps can be installed on AGC sites. As such, to support customers in AGC, existing Connect apps need to adopt Forge.
This page describes the AGC-specific changes you need to apply to a Connect app that is currently being adopted to Forge. See How to adopt Forge from Connect for detailed information about converting a Connect app to Forge.
Your app.connect.key in AGC must be the same as your commercial app's. If these keys differ, your app will not be licensed correctly.
An AGC app should be configured to use the appropriate federal URLs of Atlassian services.
When your app is installed in an AGC tenant, the initial app installation call will be signed with a private key from the key server, for example: https://connect-install-keys.atlassian-us-gov-mod.com. You'll need to use this key server to verify that the installation is correctly signed. Alternatively, you can also use https://asap-distribution.us-west-2.prod.atl-auth-us-gov-mod.net for this purpose.
If your app has the ACT_AS_USER scope and you wish to allocate an impersonation authorization token to it, your app will need to request that token from https://oauth-2-authorization-server.services.atlassian-us-gov-mod.com.
Your app's front end will need to load the Atlassian Connect JavaScript client library from a dedicated CDN at https://connect-alljs-cdn-bifrost.frontend.cdn.atlassian-us-gov-mod.com/assets/all.js.
Your app must enable the Content Security Policy header. To do this, include https://*.cdn.atlassian-us-gov-mod.com as a trusted source for script-src and style-src. This will allow your Connect app to load the required resources from the Connect CDN.
Update to the latest Connect app framework, as it allows your app to support AGC with minimal effort.
Apps using these frameworks recognise federal tenants based on its baseURL, which follows the pattern *.atlassian-us-gov-mod.net. These frameworks will use the appropriate federal instances of our services automatically.
If you're using your own approach to building your app, you'll need to use a similar strategy to that used by these frameworks. You can inspect the code for these frameworks to determine the change appropriate to your build. If you currently block install attempts for tenant baseURLs outside of a small acceptable set, you'll need to add the new AGC tenant pattern to that set.
Rate this page: