Hello everyone,

For all the watchers of this request, upon performing different tests and working in recent, existing scenarios for Confluence Cloud, the behavior of this suggestion should be applied for the Confluence Server/On-prem edition, highlighted in the following sources:

• What happens when I reach my license user limit in Confluence
• https://jira.atlassian.com/browse/CONFSERVER-27524 (original suggestion where this was cloned from)

For Confluence Cloud, the behavior is already different, impacting the customization for spaces and creating new personal spaces as well, as described in the following public article:

• What happens when you exceed your user license limit in Confluence Cloud

As the impact should not turn Confluence into read-only, allowing pages to be edited and created, we will be closing this suggestion, but the corresponding one for Confluence Server/On-prem will remain open to collect feedback.

To improve the handling of Annual subscriptions for Atlassian Cloud, the following suggestion has been created, which you can add yourself as a watcher and share feedback:

https://jira.atlassian.com/browse/ID-8076 

Thank you very much for your patience!

This is so unreal Atlassian. 
When we integrate Jira and an IDP we expect to automate things and make them better and easier.

You guys need to have alerts when a license threshold is reached, btw this threshold should be defined by the instance admin not a fixed one.

What I would expect to see happening if we end up having more users than licenses (because you guys can't block the integration to do so) is that an email would be sent to the system administrators saying that we have 10 days (at least due to the length of the process to get more licenses) to upgrade the user tier OTHERWISE the instance would go read-only. 

To get the number of licensed users:

/*
 * Purpose: retrieve number of users that take a license in Confluence
 */
SELECT u.id, u.user_name, u.email_address, g.group_name, d.directory_name
FROM cwd_user u
JOIN cwd_membership m ON u.id=m.child_user_id
JOIN cwd_group g ON m.parent_id=g.id
JOIN cwd_directory d ON d.id=g.directory_id
WHERE g.group_name in (SELECT PERMGROUPNAME FROM SPACEPERMISSIONS WHERE PERMTYPE = 'USECONFLUENCE') AND u.active = 'T'
ORDER BY user_name;

This works with Confluence 5.10.6.

And I run another one to determine if a user could be de-activated based on their last time login:

/*
Purpose: Retrieve list of users ordered by last authenticated in Confluence
 */
 SELECT u.id, u.user_name, g.group_name, d.directory_name, to_timestamp(CAST(cua.attribute_value AS double precision)/1000) AS last_login
 FROM cwd_user_attribute cua
 JOIN cwd_user u ON u.id = cua.user_id
 JOIN cwd_membership m on u.id=m.child_user_id
 JOIN cwd_group g ON m.parent_id=g.id
 JOIN cwd_directory d ON d.id=g.directory_id
 WHERE g.group_name in (SELECT PERMGROUPNAME FROM SPACEPERMISSIONS WHERE PERMTYPE = 'USECONFLUENCE') 
 AND u.active = 'T'
 AND cua.user_id = u.id AND cua.attribute_name = 'lastAuthenticated'
 ORDER BY last_login 

Which table did you run the script from? Thanks

I've now scheduled a small sql script to count the used licenses every day and email me a warning when it exceeds a threshold. IMHO this should be part of Confluence and JIRA core. 

I am in the same situation here. Our licenses exceeded our limit and everyone was locked out. This was a big mess as we comb through which accounts to delete. I would think that such a simple thing will have a solution already after 4 years. I am adding my voice here. We need this feature asap.

Agree with above comments. We had this issue as well and it was very inconvenient. Nobody could work for a day and as it is not very straightforward to disable users if they are synchronized via LDAP.
At least we should get a warning well before the license limit is reached.

From my perspective, this behavior causes major outages of the product over extended periods with massive disruption and cost. This should be treated with the same severity as 'a % of all confluence instances are broken right now', which I imagine wouldn't still be open 4 years later.

Thanks, Robert. This still affects us in 5.1.3 and it's hugely disruptive behavior. Our users are automatically added to the confluence-users group when they log in via LDAP synchronization. When the 2001st user logs in, all existing 2000 users that we are paying for lose their edit privileges. Please fix ASAP.

An extension of the second bullet:

• No users can be added (or received from an external user directory) over the license limit.

In the case that Confluence is configured to auto-add users to a Global Permission group upon login (e.g. confluence-users), the application should be smart enough to not do this if it would exceed the license count. A corresponding warning should be thrown in the logs.