This page describes how to create a data store and connect Confluence Cloud to Gemini Enterprise.
Before you begin
Ensure the following before you set up your Confluence Cloud federated connection:
- Grant the Discovery Engine Editor role (roles/discoveryengine.editor). This role is required for the user to create the data store. To grant this role, do the following:
  - In the Google Cloud console, go to the IAM page.
  - Locate the user account and click the Edit icon.
  - Grant the Discovery Engine Editor role to the user. For more information, see IAM roles and permissions.
- To enforce data source access control and secure data in Google Gemini Enterprise, configure your identity provider.
- To set up the Confluence Cloud connector, you must use the new centralized Atlassian user management model. If you are using the original model, you need to migrate your user management before proceeding. For more information, see Site administrator role.
- Create an OAuth 2.0 app, obtain the client ID and secret, and configure the minimum application permissions with the consent of a Confluence Cloud administrator.
- Optional: To retrieve user email addresses from Confluence Cloud, even when settings restrict email visibility, install the User Identity Accessor for Confluence Cloud app with Confluence Site administrator privileges, and then configure it to securely retrieve user email addresses. You might not need to install this app if email addresses are already publicly accessible.
Create Confluence Cloud data store
To create a Confluence Cloud data store, perform the following steps:
- In the Google Cloud console, go to the Gemini Enterprise page.
- Select or create a Google Cloud project.
- In the navigation menu, click Data stores.
- Click Create data store.
- In the Source section, search for Confluence Cloud, and click Select.
- In the Data section:
  - In the Connector mode section, select Data ingestion or Federated search as the connection mode.
- Click Continue.
- In the Authentication settings section, configure authentication based on your chosen connection mode.
  - If you selected Data ingestion:
    - Select OAuth 2.0 Client Credentials or API Token as the authentication method.
    - If you select OAuth 2.0 Client Credentials, enter the following details:
      - Client ID
      - Client Secret
      - Instance URI
      - Instance ID
    - If you select API Token, enter the following details:
      - Instance URI
      - User Account
      - API Token
  - If you selected Federated search:
    - OAuth 2.0 Client Credentials is the only applicable method. Provide the following details:
      - Client ID
      - Client Secret
      - Instance URI
  For more information about credentials, see Confluence Cloud configuration.
  - Click Login and complete the Atlassian sign-in.
- Click Continue.
- In the Destinations section, enter the URL of your Confluence Cloud endpoint.
- Click Continue.
- In the Entities to sync (if you selected Data ingestion) or Entities to search (if you selected Federated search) section:
  - Select all the required entities.
  - Optional: To sync specific projects, do the following:
    - Click Filter.
    - To filter entities out of the index, select Exclude from the index, or to ensure that they are included in the index, select Include in the index.
    - Enter the space keys. Press Enter after each space key.
    - Click Save.
- If you selected Data ingestion, to configure the sync schedule, do the following:
  - In the Sync frequency list, select the sync frequency.
    - To schedule separate full syncs of entity and identity data, expand the menu in the Full sync section and then select Custom options.
  - In the Incremental sync frequency list, select the incremental sync frequency.
  For more information, see Sync schedules.
- Click Continue.
- In the Configuration section:
  - From the Multi-region list, select the location for your data connector.
  - In the Data connector name field, enter a name for your connector.
  - If you selected US or EU as the location, configure the Encryption settings:
    - Optional: If you haven't configured single-region keys, click Go to settings page to do so. For more information, see Register a single-region key for third-party connectors.
    - Select Google-managed encryption key or Cloud KMS key.
    - If you selected Cloud KMS key:
      - In the Key management type list, select the appropriate type.
      - In the Cloud KMS key list, select the key.
- Click Continue.
- In the Billing section, select General pricing or Configurable pricing. For more information, see Verify the billing status of your projects and Licenses.
- Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.
On the Data Stores page, click your data store name to see the status. After the data store state changes from Creating to Active, the Confluence Cloud connector is ready to be used.
For an ingestion connector created with Confluence Cloud, the data store state transitions from Creating to Running upon synchronization initiation. It then changes to Active once ingestion is complete, signifying that the data store is fully configured. Depending on data volume, ingestion may require several hours.
After creating the data store, create an app, connect it to the Confluence Cloud data store, and authorize Gemini Enterprise to access Confluence Cloud before executing any queries.
Enable real-time sync for data ingestion
Real-time sync only syncs document entities and doesn't sync data related to identity entities. The following table shows which document events are supported with real-time sync.
| Confluence entities | Create | Update | Delete | Permission changes |
|---|---|---|---|---|
| Spaces | | | | |
| Pages | | | | |
| Blogs | | | | |
| Attachments | | | | |
| Comments | | | | |
| Whiteboards | | | | |
Enable real-time sync 20 minutes after creating the Confluence Cloud data store. To enable real-time sync for a Confluence data source, follow these steps:
Generate a webhook URL
- Navigate to the Gemini Enterprise page, and in the navigation menu, click Data Stores.
- Select a Confluence data store.
- Click View/Edit in the Realtime sync row.
- In the View and edit realtime sync parameters dialog, do the following:
  - To turn on real-time sync, click the Enable realtime sync toggle.
  - In the Client secret field, enter a placeholder value, such as clientsecret.
  - Click Save.
- After the status of Realtime sync changes to Running, click View/Edit.
- In the View and edit realtime sync parameters dialog, do the following:
  - Copy the Webhook URL.
  - Click Close.
Subscribe to events using the API
To receive real-time updates from Confluence, you must subscribe to specific events using a POST request. To make API calls, use the same administrator account used for setting up authentication and permissions in Confluence to create the data store.
```bash
curl -X POST \
  INSTANCE_URL/wiki/rest/webhooks/1.0/webhook \
  -H "Content-Type: application/json" \
  -u "USERNAME:API_TOKEN" \
  -d '{
    "name": "SUBSCRIPTION_NAME",
    "url": "LISTENER_URL",
    "events": [
      "EVENT_TYPE_1",
      "EVENT_TYPE_2"
    ],
    "active": true
  }'
```
- INSTANCE_URL: The base web address for your Atlassian Cloud site.
- USERNAME: The Atlassian Cloud username.
- API_TOKEN: The API token generated from your Atlassian account. For more information, see Set up an API token in Confluence.
- SUBSCRIPTION_NAME: A unique name for your event subscription.
- LISTENER_URL: The webhook URL copied from the Google Cloud console once Real-Time Sync (RTS) is enabled on your data store.
- EVENT_TYPE: The event types that you want to subscribe to. You can subscribe to create, update, and delete events for attachments, blog posts, pages, spaces, and comments.
  The user can subscribe to the following events:
  - space_created
  - space_updated
  - page_created
  - page_updated
  - attachment_created
  - attachment_updated
  - comment_created
  - comment_updated
  - blog_created
  - blog_updated
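An added example, not part of the original page and not Google's or Atlassian's own code: a shell wrapper around the subscription request above that rejects event types not in the list on this page, requires an HTTPS listener URL, and hands the credentials to curl as a config line on stdin so the API token stays out of the process list and shell history. The function names are assumptions; the environment variables reuse the page's placeholder names.

```shell
#!/usr/bin/env bash
# Added example. Event names are the ones listed on this page; function names
# are assumptions. Extend ALLOWED_EVENTS if you subscribe to other events.
ALLOWED_EVENTS="space_created space_updated page_created page_updated \
attachment_created attachment_updated comment_created comment_updated \
blog_created blog_updated"

# Succeeds only if at least one event is given and every one is in the list.
validate_events() {
  [ "$#" -gt 0 ] || return 1
  local ev
  for ev in "$@"; do
    case " $ALLOWED_EVENTS " in
      *" $ev "*) ;;
      *) echo "unsupported event type: $ev" >&2; return 1 ;;
    esac
  done
}

# Prints the JSON request body. Usage: build_payload NAME LISTENER_URL EVENT...
build_payload() {
  local name=$1 url=$2 events="" ev
  shift 2
  # The listener receives document change events, so refuse cleartext HTTP.
  case "$url" in https://*) ;; *) echo "listener URL must be https" >&2; return 1 ;; esac
  # Refuse characters that would break out of the JSON string values.
  case "$name$url" in *\"*|*\\*) echo "quote or backslash in input" >&2; return 1 ;; esac
  validate_events "$@" || return 1
  for ev in "$@"; do events="${events:+$events,}\"$ev\""; done
  printf '{"name":"%s","url":"%s","events":[%s],"active":true}' "$name" "$url" "$events"
}

# Sends the request using INSTANCE_URL, USERNAME, API_TOKEN, SUBSCRIPTION_NAME
# and LISTENER_URL from the environment. Usage: subscribe EVENT...
subscribe() {
  local body
  body=$(build_payload "$SUBSCRIPTION_NAME" "$LISTENER_URL" "$@") || return 1
  # "user = ..." on stdin replaces -u, so the token never appears in argv.
  printf 'user = "%s:%s"\n' "$USERNAME" "$API_TOKEN" |
    curl --config - --fail-with-body -sS -X POST \
      "$INSTANCE_URL/wiki/rest/webhooks/1.0/webhook" \
      -H "Content-Type: application/json" -d "$body"
}
```

Export the five variables from a secret store or a prompt rather than typing the token inline, then run `subscribe page_created page_updated`.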
API error codes
This table lists common API error codes users encounter when creating webhooks.
| Error class | Error code | Error message | Troubleshooting |
|---|---|---|---|
| 403 | FORBIDDEN | Current user not permitted to use Confluence. | Ensure that you use a valid token from an administrator account and the correct API endpoint. |
Data handling and query execution
This section describes how Gemini Enterprise manages your query and the privacy implications of using the federated data store.
Query execution
After you authorize Confluence Cloud and send a search query to Gemini Enterprise:
- Gemini Enterprise sends your search query directly to the Atlassian API.
- Gemini Enterprise blends the results with those from other connected data sources and displays a comprehensive search result.
Data handling
When using third-party federated search, the following data handling rules apply:
- Your query string is sent to the third-party search backend (Atlassian API).
- These third parties may associate queries with your identity.
- If multiple federated search data sources are enabled, the query might be sent to all of them.
- Once the data reaches the third-party system, it is governed by that system's terms of service and privacy policies.
What's next
- To provide a user interface for querying your Confluence Cloud data, create an app and connect it to the Confluence Cloud data store.
- To preview how your search results appear after your app is set up, see Get search results.
- To enable alerts for the data store, see Configure alerts for third-party data stores.

