Issue summary

Currently, when the account's product access is removed via provisioning, the site access will remain. 

The other way around, if the site access is revoked on the site, provisioning will not be able to turn it on based on when product access is provisioned via groups. 

Suggestion

In the old admin UI, provide the ability to control site access for accounts via user provisioning.
In the new admin UI, the ability to suspend and unsuspend the user in the organization via user provisioning

Workaround

While the site/organization access cannot be controlled via user provisioning, consider using some other methods to revoke/re-grant access to the products.

• Use (license) groups to grant and revoke access. This can be configured via provisioning
• Deactivate/reactivate the Atlassian Account via provisioning. Note that this will also block access to other products such as Trello and Bitbucket.