-
Bug
-
Resolution: Fixed
-
Highest
-
None
-
234
-
Minor
-
Issue Summary
- Similar to but not the same as:
ACCESS-819- "Allow account deactivation for unverified accounts" - Since
ACCESS-617- "Unverified email addresses does not appear under Managed Accounts" was shipped, unverified Atlassian accounts are now surfaced to the Managed accounts page in the organization UI - There are buttons to delete or deactivate the unverified account within the UI, but when clicked, admins receive an error message(see below)
Steps to Reproduce
- Navigate to an unverified Atlassian account in the organization UI
- Try to delete or deactivate the account
Expected Results
- The account is deactivated or is marked for deletion(14 day grace period)
Actual Results
- 403 response:
{"errorKey":"forbidden","errorDetail":"Error: Principal cannot manage account of non-managed user"}
Workaround
- Verify the account first, and then you'll be able deactivate or delete the account
- is caused by
-
-
- Closed
-
- is related to
-
ACCESS-819 Allow account deactivation for unverified accounts
- Closed
- relates to
-
-
- Closed
-
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[ACCESS-1015] Unable to deactivate or delete unverified accounts
REST API still broken. Can you re-open this issue please?
Hi,
We can deactivate users via the UI, but are unable to use API (org admin account) to deactivate and delete the account.
When using the API to check if we can manage the user (https://api.atlassian.com/users/\{id}/manage) we get the error: Error: Cannot perform action on unverified account.
I'm adding this comment on request from Support as I have also raised a Support ticket regarding the API issue.
We are able to deactivate these accounts via the member details page but not through the org API. The error message that we get is "Error: Caller must be an org admin of targeted account or be the targeted account"
Does the Atlassian org API support deactivation of these accounts yet?
Hi all,
I am excited to share that it is now possible to deactivate any unverified account that is managed by your organization from the Member Details page. The change has been rolled out to all users.
Thank you for your patience in waiting for this to get resolved, and please don't hesitate to reach out with any feedback or questions!
Best regards,
Ilya Bagrak
Principal Product Manager, Enterprise Cloud
We're in a situation where we can now deactivate unverified accounts through the GUI, but the API still reports them as active so we don't know which to believe!
If we try to deactivate the account from the API we get the following error (the API account is an Org admin, and retrieved their details from an Org API):
{
?? "context": "Error: Caller must be an org admin of targeted account or be the targeted account",??
?? "errorDetail": "Error: Caller must be an org admin of targeted account or be the targeted account",??
?? "errorKey": "forbidden",??
?? "key": "forbidden"??
}
Hope your investigation include the deletion of unverified accounts.
At the moment we cannot delete them.
Thank you.
I think the steps that @Connor listed depends on how many unverified addresses you wish to delete. I have a ton of addresses and it is not imaginable how much time it would take to change the email addresses and verify them and then delete. When I tried REST API, there is a limitation in that it cannot see addresses or accounts at the site level, just the org level. I was working with Atlassian support and the agent suggested I open a new service request with the Org team. The Org team asked me to supply the .csv file with the unverified email addresses including the account id. I have done this and by Monday it should all be deleted. I believe this can be deleted using the account id from the database.
@Ashish, I followed Rob's advice to delete a bunch of unverified/deactivated accounts. I'll list my exact steps below using 2 example emails, for me and an unverified/deactivated account. My example email is connor.example@mydomain.com, the unverified/deactivated user's example email is user.example@mydomain.com
- Login to admin center --> Directory --> Managed accounts
- View details page of an unverified/deactivated account
- Edited their email address so it was connor.example+user.example@mydomain.com. That email is the equivalent to my personal email of connor.example@mydomain.com
- After you edit a user's email, a verification email is sent to the new email address.
- With a few users I ran into an issue where my email provider, Exchange Online, failed to deliver the email verification email. When that happened I reactivated the user, which sends a reactivation email with a link to login, which is effectively the same the email verification email. Exchange Online never had a problem delivering this 2nd email.
- When I received the verification email, I clicked the Verify your email link which took me to the Atlassian login page. I did not have to login.
- I refreshed the user's details page, and they were now verified. After verification I now had the option to delete the user.
- I selected to delete the user, and I did not run into any errors when doing that.
Note: For those using Exchange Online, Plus Addressing must be enabled within your organization before you do this. Read how to enable it here: https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online
@Rob, Can you elaborate the trick you mentioned. I did what was mentioned yet I have not received any verification email on my side.
Hi automation+test1833198924 ,
I agree with you from experience that rest-api cannot delete accounts, it is not seeing users at the org level when I tried. I also had an Atlassian engineer on and we tried using a javascript code from the Chrome tools without success.
Atlassian admins can delete for you if you have a lot of users to delete, and this is immediate as opposed tp waiting for 14 days if you do this yourself fron the GUI.