Set up a Confluence Cloud data store

This page describes how to create a data store and connect Confluence Cloud to Gemini Enterprise.

Before you begin

Ensure the following before you set up your Confluence Cloud federated connection:

  • Grant the Discovery Engine Editor role (roles/discoveryengine.editor). This role is required for the user to create the data store. To grant this role, do the following:

    1. In the Google Cloud console, go to the IAM page.

      Go to IAM

    2. Locate the user account and click the edit Edit icon.
    3. Grant the Discovery Engine Editor role to the user. For more information, see IAM roles and permissions.

  • To enforce data source access control and secure data in Google Gemini Enterprise, configure your identity provider.

  • To set up the Confluence Cloud connector, you must use the new centralized Atlassian user management model. If you are using the original model, you need to migrate your user management before proceeding. For more information, see Site administrator role.

  • Create an OAuth 2.0 app, obtain the client ID and secret, and configure the minimum application permissions with the consent of a Confluence Cloud administrator.

  • Optional: To retrieve user email addresses from Confluence Cloud, even when settings restrict email visibility, install the User Identity Accessor for Confluence Cloud app with Confluence Site administrator privileges, and then configure it to securely retrieve user email addresses. You might not need to install this app if email addresses are already publicly accessible.

Create Confluence Cloud data store

To create a Confluence Cloud data store, perform the following steps:

  1. In the Google Cloud console, go to the Gemini Enterprise page.

    Gemini Enterprise

  2. Select or create a Google Cloud project.

  3. In the navigation menu, click Data stores.

  4. Click Create data store.

  5. In the Source section, search for Confluence Cloud, and click Select.

  6. In the Data section:

    1. In the Connector mode section, select Data ingestion or Federated search as the connection mode.

    2. Click Continue.

    3. In the Authentication settings section, configure authentication based on your chosen connection mode.

      1. If you selected Data ingestion:

        1. Select OAuth 2.0 Client Credentials or API Token as the authentication method.
        2. If you select OAuth 2.0 Client Credentials, enter the following details:
          • Client ID
          • Client Secret
          • Instance URI
          • Instance ID
        3. If you select API Token, enter the following details:
          • Instance URI
          • User Account
          • API Token

      2. If you selected Federated search:

        1. OAuth 2.0 Client Credentials is the only applicable method. Provide the following details:
          • Client ID
          • Client Secret
          • Instance URI

      For more information about credentials, see Confluence Cloud configuration.

      1. Click Login and complete the Atlassian sign-in.

    4. Click Continue.

    5. In the Destinations section, enter your URL to your Confluence Cloud endpoint.

    6. Click Continue.

    7. In the Entities to sync (if you selected Data ingestion) or Entities to search (if you selected Federated search) section:

      1. Select all the required entities.
      2. Optional: To sync specific projects, do the following:
        1. Click Filter.
        2. To filter entities out of the index, select Exclude from the index, or to ensure that they are included in the index, select Include in the index.
        3. Enter the space keys. Press enter after each space key.
        4. Click Save.

      3. If you selected Data ingestion, to configure the sync schedule, do the following:

        1. In the Sync frequency list, select the sync frequency.

          • To schedule separate full syncs of entity and identity data, expand the menu in the Full sync section and then select Custom options.

        2. In the Incremental sync frequency list, select the incremental sync frequency.

      For more information, see Sync schedules.

  7. Click Continue.

  8. In the Configuration section:

    1. From the Multi-region list, select the location for your data connector.
    2. In the Data connector name field, enter a name for your connector.
    3. If you selected US or EU as the location, configure the Encryption settings:
      • Optional: If you haven't configured single-region keys, click Go to settings page to do so. For more information, see Register a single-region key for third-party connectors.
      • Select Google-managed encryption key or Cloud KMS key.
      • If you selected Cloud KMS key:
        • In the Key management type list, select the appropriate type.
        • In the Cloud KMS key list, select the key.
      For more information, see Customer-managed encryption keys.

  9. Click Continue.

  10. In the Billing section, select General pricing or Configurable pricing. For more information, see Verify the billing status of your projects and Licenses.

  11. Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.

On the Data Stores page, click your data store name to see the status. After the data store state changes from Creating to Active, the Confluence Cloud connector is ready to be used.

For an ingestion connector created with Confluence Cloud, the data store state transitions from Creating to Running upon synchronization initiation. It then changes to Active once ingestion is complete, signifying that the data store is fully configured. Depending on data volume, ingestion may require several hours.

After creating the data store, create an app, connect it to the Confluence Cloud data store, and authorize Gemini Enterprise to access Confluence Cloud before executing any queries.

Enable real-time sync for data ingestion

Real-time sync only syncs document entities and doesn't sync data related to identity entities. The following table shows which document events are supported with real-time sync.

Confluence entities Create Update Delete Permission changes
Spaces
Pages
Blogs
Attachments
Comments
Whiteboards

Enable real-time sync 20 minutes after creating the Confluence Cloud data store. To enable real-time sync for a Confluence data source, follow these steps:

Generate a webhook URL

  1. Navigate to the Gemini Enterprise page, and in the navigation menu, click Data Stores.
  2. Select a Confluence data store.
  3. Click View/Edit in the Realtime sync row.
  4. In the View and edit realtime sync parameters dialog, do the following:
    1. To turn on real-time sync, click the Enable realtime sync toggle.
    2. In the Client secret field, enter a placeholder value, such as clientsecret.
    3. Click Save.
  5. After the status of Realtime sync changes to Running, click View/Edit.
  6. In the View and edit realtime sync parameters dialog, do the following:
    1. Copy the Webhook URL.
    2. Click Close.

Subscribe to events using the API

To receive real-time updates from Confluence, you must subscribe to specific events using a POST request. To make API calls, use the same administrator account used for setting up authentication and permissions in Confluence to create the data store.

      curl -X POST \
        INSTANCE_URL/wiki/rest/webhooks/1.0/webhook \
        -H "Content-Type: application/json" \
        -u "USERNAME:API_TOKEN" \
        -d '{
          "name": "SUBSCRIPTION_NAME",
          "url": "LISTENER_URL",
          "events": [
            "EVENT_TYPE_1",
            "EVENT_TYPE_2"
          ],
          "active": true
        }'

  • INSTANCE_URL: The base web address for your Atlassian Cloud site.

  • USERNAME: The Atlassian Cloud username.

  • API_TOKEN: The API token generated from your Atlassian account. For more information, see Set up an API token in Confluence

  • SUBSCRIPTION_NAME: A unique name for your event subscription.

  • LISTENER_URL: The webhook URL copied from the Google Cloud console once Real-Time Sync (RTS) is enabled on your data store.

  • EVENT_TYPE: The event types that you want to subscribe to. You can subscribe to create, update, and delete events for attachments, blog posts, pages, spaces, and comments.

    The user can subscribe to the following events:

    • space_created
    • space_updated
    • page_created
    • page_updated
    • attachment_created
    • attachment_updated
    • comment_created
    • comment_updated
    • blog_created
    • blog_updated

API error codes

This table lists common API error codes users encounter when creating webhooks.

Error class Error code Error message Troubleshooting
403 FORBIDDEN Current user not permitted to use Confluence. Ensure a valid token from an administrator account and correct API endpoint.

Data handling and query execution

This section describes how Gemini Enterprise manages your query and the privacy implications of using the federated data store.

Query execution

After you authorize Confluence Cloud and send a search query to Gemini Enterprise:

  • Gemini Enterprise sends your search query directly to the Atlassian API.
  • Gemini Enterprise blends the results with those from other connected data sources and displays a comprehensive search result.

Data handling

When using third-party federated search, the following data handling rules apply:

  • Your query string is sent to the third-party search backend (Atlassian API).
  • These third parties may associate queries with your identity.
  • If multiple federated search data sources are enabled, the query might be sent to all of them.
  • Once the data reaches the third-party system, it is governed by that system's terms of service and privacy policies.

What's next