If a managed has been granted access to an external site, an organisation administrator is unable to remove access. The best they can manage is to deactivate the account.

CLOUD-11690 was closed stating that the app requests and automatic app discovery features addresses this need, but it does not.

If an org admin sees that a managed account has access to Trello, Bitbucket, or any external Jira or Confluence site, they are unable to remove this access, they instead need to do one of the followoing:

• Reach out to the admin of the relevant site or workspace (NB: They have no way to find out who this is) and request the user be removed
• Deactivate the managed user's atlassian account
• Contact support to ask them to reach out to the relevant administrator