- Type: Suggestion
- Resolution: Unresolved
- Component/s: User Sync - SCIM Maintenance
Problem Definition
Atlassian currently synchronizes users with Google Workspace on a fixed schedule, and there is no public API to manually trigger an immediate sync or to force an update for specific users. As a result, user status in Atlassian can remain outdated for several hours after the user has been disabled in Google Workspace, which particularly impacts offboarding scenarios.
Suggested Solution
The customer is asking for a public, authenticated API endpoint that their external provisioning system can call to start an on-demand sync with Google Workspace, either for all users or, ideally, for a specified subset of users. The API should reconcile user state (active/suspended/deactivated) based on the current Google Workspace data and apply changes to Atlassian as soon as possible, reducing reliance on the fixed sync schedule.
Why this is important
Without an on-demand sync API, there is a security and compliance risk because former employees can retain access to Atlassian for several hours after being offboarded elsewhere. This also prevents the customer from having a fully automated and consistent offboarding flow across all systems. Providing this API would enable tighter access control, reduce risk, and improve governance by allowing centralized workflows to revoke access to Atlassian at the same time as other tools.
Workaround
The customer can use the following API as a workaround to immediately remove the SCIM/Google Workspace link for a specific user account:
Once the user’s SCIM/Google Workspace link is removed, the account will no longer receive any group memberships that are synced from the IdP. After that, you can complete the deactivation or deletion of the managed account using the Lifecycle API endpoints:
This combination allows you to immediately break the SCIM/Google Workspace association and then explicitly control the user’s lifecycle in Atlassian.