simstudioai
diff --git a/‎apps/docs/content/docs/en/files/generating.mdx‎
Lines changed: 3 additions & 3 deletions b/‎apps/docs/content/docs/en/files/generating.mdx‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎apps/docs/content/docs/en/files/using-in-workflows.mdx‎
Lines changed: 2 additions & 2 deletions b/‎apps/docs/content/docs/en/files/using-in-workflows.mdx‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/docs/content/docs/en/integrations/atlassian-service-account.mdx‎
Lines changed: 166 additions & 0 deletions b/‎apps/docs/content/docs/en/integrations/atlassian-service-account.mdx‎
Lines changed: 166 additions & 0 deletions
@@ -7,7 +7,7 @@ pageType: concept
 import { Callout } from 'fumadocs-ui/components/callout'
 import { Card, Cards } from 'fumadocs-ui/components/card'
 
-A generated file is an artifact a workflow run creates: a report, a CSV, a rendered audio clip. It starts as a value a block produces and becomes a workspace file when a [File](/integrations/file) block writes it to the [Files](/files) store. Once saved, it has a name, a size, and a URL, and any later run can read it back.
+A generated file is an artifact a workflow run creates: a report, a CSV, a rendered audio clip. It starts as a value a block produces and becomes a workspace file when a [File](/files) block writes it to the [Files](/files) store. Once saved, it has a name, a size, and a URL, and any later run can read it back.
 
 Like a build pipeline that produces artifacts and stores them in an artifact repository, a workflow produces file artifacts that land in your workspace Files store, indexed by ID and shared across every workflow.
 
@@ -27,7 +27,7 @@ A block's output is remembered under the block's name for the rest of the run, a
 
 ## Saving content with the File block
 
-The [File](/integrations/file) block's **Write** operation creates a new workspace file. It takes two required fields: a `fileName` (like `report.md`) and the `content` string to store. It returns the saved file's details.
+The [File](/files) block's **Write** operation creates a new workspace file. It takes two required fields: a `fileName` (like `report.md`) and the `content` string to store. It returns the saved file's details.
 
 {/* VISUAL: File Write anatomy: inputs (fileName, content, contentType?) → outputs (id, name, size, url) */}
 
@@ -63,6 +63,6 @@ When a workflow is deployed as an [API](/deployment/api), a generated file can b
 <Cards>
   <Card title="Files overview" href="/files" description="The artifact layer of your workspace." />
   <Card title="Using files in workflows" href="/files/passing-files" description="Provide files to a workflow and receive files back." />
-  <Card title="File block" href="/integrations/file" description="Read, Get, Write, and Append operations in full." />
+  <Card title="File block" href="/files" description="Read, Get, Write, and Append operations in full." />
   <Card title="API deployment" href="/deployment/api" description="Expose a workflow as an API and return file references." />
 </Cards>
@@ -7,7 +7,7 @@ pageType: concept
 import { Callout } from 'fumadocs-ui/components/callout'
 import { Card, Cards } from 'fumadocs-ui/components/card'
 
-A file is a document, image, spreadsheet, or PDF in your workspace. A workflow can read a file to act on its contents, pass a file to a block or tool that needs one (attach a PDF to an email, send an image to a vision model), or produce a new file and save it. The [File](/integrations/file) block is how a file enters or leaves a workflow; the work in between is done by whatever block the task calls for.
+A file is a document, image, spreadsheet, or PDF in your workspace. A workflow can read a file to act on its contents, pass a file to a block or tool that needs one (attach a PDF to an email, send an image to a vision model), or produce a new file and save it. The [File](/files) block is how a file enters or leaves a workflow; the work in between is done by whatever block the task calls for.
 
 What you do with a file depends on the task, so this page covers the File block's operations and how a file moves between blocks rather than one fixed recipe. The example we'll use throughout reads `report.pdf`, asks an agent to summarize it, and saves the summary as `summary.md`, which exercises reading, processing, and writing in one workflow.
 
@@ -103,7 +103,7 @@ For the file-object schema in full, base64 access, and how files move across API
 <Cards>
   <Card title="Passing files" href="/files/passing-files" description="The file object in full: properties, base64, and references across blocks." />
   <Card title="Generating & storing files" href="/files/generating" description="Produce files from a run and save them to your workspace." />
-  <Card title="File block reference" href="/integrations/file" description="Every operation, input, and output in detail." />
+  <Card title="File block reference" href="/files" description="Every operation, input, and output in detail." />
   <Card title="Agent block" href="/blocks/agent" description="Give an agent files to read, summarize, or analyze." />
   <Card title="Using tables in workflows" href="/tables/using-in-workflows" description="Read and write structured rows the same way you read and write files." />
 </Cards>
@@ -0,0 +1,166 @@
+---
+title: Atlassian Service Accounts
+description: Set up an Atlassian service account with a scoped API token to use Jira and Confluence in Sim workflows
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+import { Step, Steps } from 'fumadocs-ui/components/steps'
+import { Image } from '@/components/ui/image'
+import { FAQ } from '@/components/ui/faq'
+
+Atlassian service accounts let your workflows authenticate to Jira and Confluence as a non-human bot user — independent of any individual employee's account. Each service account has its own email, its own permissions, and its own API tokens, all managed centrally in admin.atlassian.com.
+
+This is the recommended way to use Jira and Confluence in production workflows: no one person's OAuth consent expires, the bot's permissions are auditable, and access can be revoked without touching anyone's personal account.
+
+## Prerequisites
+
+You need an Atlassian organization admin to create the service account. Service accounts are an Atlassian organization-level feature — they cannot be created from a regular user account.
+
+## Setting Up the Service Account
+
+### 1. Create the Service Account
+
+<Steps>
+  <Step>
+    Open [admin.atlassian.com](https://admin.atlassian.com/) and go to **Directory** → **Service accounts**
+
+    {/* TODO(screenshot): admin.atlassian.com directory page with the "Service accounts" tab highlighted */}
+  </Step>
+  <Step>
+    Click **Create service account**, give it a name (e.g. `sim-jira-bot`), and finish creation
+  </Step>
+  <Step>
+    Grant the service account access to the Atlassian sites and products it needs. Open the service account, go to **Product access**, and add Jira and/or Confluence on the relevant site
+
+    {/* TODO(screenshot): service account "Product access" tab showing Jira granted on a site */}
+  </Step>
+</Steps>
+
+<Callout type="info">
+The service account inherits permissions from the project/space roles you grant it — exactly like a human user. If a workflow needs to write to a specific Jira project, give the service account write access to that project in Jira's project settings.
+</Callout>
+
+### 2. Create a Scoped API Token
+
+<Steps>
+  <Step>
+    From the service account's page in admin.atlassian.com, open the **API tokens** tab and click **Create API token**
+
+    {/* TODO(screenshot): service account API tokens tab with "Create API token" button */}
+  </Step>
+  <Step>
+    Choose **API token** as the authentication type (not OAuth 2.0 — Sim uses the API token flow)
+
+    <div className="flex justify-center">
+      <Image
+        src="/static/credentials/atlassian/admin-auth-type-picker.png"
+        alt="Atlassian admin — Choose authentication type with API token selected"
+        width={700}
+        height={500}
+        className="my-4"
+      />
+    </div>
+  </Step>
+  <Step>
+    Select the scopes the token needs. The minimum set Sim's Jira and Confluence blocks expect is:
+
+    **Jira (granular):**
+    ```
+    read:jira-user
+    read:jira-work
+    write:jira-work
+    ```
+
+    **Confluence (granular):**
+    ```
+    read:confluence-content.all
+    read:confluence-space.summary
+    write:confluence-content
+    read:page:confluence
+    write:page:confluence
+    ```
+
+    Add more scopes only if you need the corresponding operations (delete, manage webhooks, etc.). The full list of scopes Sim's blocks may use is documented in [Atlassian's developer reference](https://developer.atlassian.com/cloud/jira/platform/scopes-for-oauth-2-3LO-and-forge-apps/).
+
+    <div className="flex justify-center">
+      <Image
+        src="/static/credentials/atlassian/admin-scope-picker.png"
+        alt="Atlassian token scope picker filtered to App: Jira and Scope type: Classic"
+        width={1000}
+        height={600}
+        className="my-4"
+      />
+    </div>
+
+    <Callout type="info">
+      Use the **App** and **Scope type** filters to narrow the list to the scopes you need. Filter by `App: Jira` (or `Confluence`) and `Scope type: Classic` to find the three core Jira scopes; switch to **Granular** if your org doesn't expose Classic.
+    </Callout>
+  </Step>
+  <Step>
+    Copy the token when it's shown. Atlassian only displays it once — if you close the dialog, you'll have to create a new token.
+  </Step>
+</Steps>
+
+<Callout type="warn">
+The API token is bearer credentials for the service account. Treat it like a password — do not commit it to source control or share it publicly. Sim encrypts the token at rest.
+</Callout>
+
+### 3. Find Your Site Domain
+
+Your Atlassian site domain is the URL you use to access Jira or Confluence in your browser — for example, `your-team.atlassian.net`. Open Jira or Confluence, look at the address bar, and copy the part before the first `/`.
+
+## Adding the Service Account to Sim
+
+<Steps>
+  <Step>
+    Open your workspace **Settings** and go to the **Integrations** tab
+  </Step>
+  <Step>
+    Search for "Atlassian Service Account" and click it
+
+    {/* TODO(screenshot): Integrations page with "Atlassian Service Account" in the service list */}
+  </Step>
+  <Step>
+    Paste the API token, enter the site domain (e.g. `your-team.atlassian.net`), and optionally set a display name and description
+
+    <div className="flex justify-center">
+      <Image
+        src="/static/credentials/atlassian/sim-add-modal.png"
+        alt="Add Atlassian Service Account dialog with API token and site domain filled in"
+        width={420}
+        height={560}
+        className="my-6"
+      />
+    </div>
+  </Step>
+  <Step>
+    Click **Add Service Account**. Sim verifies the token by calling Atlassian's `/myself` endpoint through the gateway — if it fails, you'll see a specific error explaining what went wrong.
+  </Step>
+</Steps>
+
+The token, domain, and discovered cloudId are encrypted before being stored.
+
+## Using the Service Account in Workflows
+
+Add a Jira or Confluence block to your workflow. In the credential dropdown, your Atlassian service account appears alongside any OAuth credentials. Select it and configure the block as you normally would.
+
+<div className="flex justify-center">
+  <Image
+    src="/static/credentials/atlassian/sim-jira-block-credential.png"
+    alt="Jira block in a workflow with the Atlassian service account selected as the credential"
+    width={1000}
+    height={500}
+    className="my-4"
+  />
+</div>
+
+The block calls Atlassian's API gateway (`api.atlassian.com/ex/jira/{cloudId}/...`) using the service account's token. There's no impersonation step — the service account acts as itself, with whatever permissions you granted it in admin.atlassian.com.
+
+<FAQ items={[
+  { question: "Why an API token instead of OAuth?", answer: "API tokens for service accounts don't have a 1-hour expiry and don't require any user to consent. They're issued by an org admin and are stable until you revoke them — which is what you want for an automated workflow." },
+  { question: "Can a regular user create a service account?", answer: "No. Service accounts are an Atlassian organization-level feature and only an organization admin can create them." },
+  { question: "Can the same service account work with both Jira and Confluence?", answer: "Yes — give the service account access to both products on your site, and include scopes for both when you create the API token. Then connect it once in Sim and use it from either Jira or Confluence blocks." },
+  { question: "What if my workflow needs different permissions than the token has?", answer: "Either widen the token's scopes (revoke it and create a new one with more scopes), or grant the service account higher project/space roles in Jira or Confluence. Scope failures look like 401/403 errors with descriptive messages." },
+  { question: "How do I rotate the API token?", answer: "Create a new token from the same service account in admin.atlassian.com, update the credential in Sim with the new token, and once it's working, revoke the old one." },
+  { question: "Does this work with Atlassian Data Center / on-prem?", answer: "No — this integration uses Atlassian Cloud's API gateway (`api.atlassian.com`). For Data Center, use the OAuth flow or set up a self-hosted bot user." },
+]} />