Uploaded image for project: 'Identity'
  1. Identity
  2. ID-6517

Bulk Edit Atlassian Accounts in a Cloud Instance

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      According to the section "Deactivate or delete users" here, there is no way to bulk deactivate users.

      We need the ability to read all active users in Atlassian Cloud and when necessary, deactivate/edit those Atlassian accounts.

      Suggested Solution

      • Implement an API solution for updating individuals and bulk updating users in mass
      • Allow the ability for the Atlassian Account to be synced with the Identity Provider account so that deactivation occurs automatically from either side

      Why this is important

      As a Site-admin, it's not feasible to manually deactivate/edit accounts on an individual basis. The ability to bulk deactivate users in User Management is a necessary requirement

      According to https://confluence.atlassian.com/jirakb/user-management-rest-api-changes-in-jira-cloud-858756548.html

      What options do I have for managing Atlassian accounts themselves via API?

      Atlassian accounts cannot be managed via public APIs today. We are currently evaluating how best to expose these capabilities in a secure manner that best meets our customers' use cases.

      Our large software company constantly runs up against the # of users and we need a way to ensure our license usage is accurate. All we want is to Deactivate the user upon them leaving our company.

      Workaround

      No workaround available

          Form Name

            [ID-6517] Bulk Edit Atlassian Accounts in a Cloud Instance

            Hi everyone,

            Today we released documentation for new APIs that allow organization administrators to edit accounts that are managed by their organization. Once you have created an organization and verified your domain, you can use the following APIs to manage accounts:

            • The Organizations API is available to list all the managed accounts in your organization. You can use this to enumerate the unique Atlassian account ID for each users.
            • The User management API is available to edit individual users. You can use this API to edit attributes for a given Atlassian account ID using the PATCH /users/ {account_id}/manage/profile method.

            The types of changes you can make with this API include:

            • Enabling/disabling the Atlassian account
            • Changing user email addresses or departments

            For other bulk user management changes, we recommend using the User provisioning (SCIM) API to sync users and groups from an external system. The documentation for the SCIM API is also now available.

            Regards,
            Dave Meyer
            Atlassian Access Product Management

            Dave Meyer added a comment - Hi everyone, Today we released documentation for new APIs that allow organization administrators to edit accounts that are managed by their organization . Once you have created an organization and verified your domain , you can use the following APIs to manage accounts: The Organizations API is available to list all the managed accounts in your organization. You can use this to enumerate the unique Atlassian account ID for each users. The User management API is available to edit individual users. You can use this API to edit attributes for a given Atlassian account ID using the PATCH /users/ {account_id}/manage/profile method. The types of changes you can make with this API include: Enabling/disabling the Atlassian account Changing user email addresses or departments For other bulk user management changes, we recommend using the User provisioning (SCIM) API to sync users and groups from an external system. The documentation for the SCIM API is also now available. Regards, Dave Meyer Atlassian Access Product Management

            We've hit the same issues. We have automatic scripts that highlight a list of users to be deactivated or have access to Jira/Confluence removed.

            We are using the Atlassian Identity Manager and Atlassian accounts.

            The detail of the ticket we logged to discuss this same set of issues is here; JST-381927.

            This issue is a major barrier to adopting Atlassian cloud at scale.

            In our case we have to parse the output of the user export function and identify users to deactivate and generate a manual report for an admin team to process - we really shouldn't need to resort to manually processes when an extensive API exists already - it really just needs extending to incorporate basic account management functions (with respect to cost control of Atlassian Identity Manage, Jira and Confluence.

            What would be even better would be for the Atlassian cloud to be extended to allow for auto deactivation of user accounts based on inactivity.periods (defined at a cloud instance level), along with a simple confirmation workflow. - that way we wouldn't need to resort to custom code.

            Similar functionality should also be part of the base Jira Server and Confluence Server offerings (for people unable to consume cloud due to data sovereignty/other issues)

             

             

             

             

             

            Ashley Watson added a comment - We've hit the same issues. We have automatic scripts that highlight a list of users to be deactivated or have access to Jira/Confluence removed. We are using the Atlassian Identity Manager and Atlassian accounts. The detail of the ticket we logged to discuss this same set of issues is here; JST-381927. This issue is a major barrier to adopting Atlassian cloud at scale. In our case we have to parse the output of the user export function and identify users to deactivate and generate a manual report for an admin team to process - we really shouldn't need to resort to manually processes when an extensive API exists already - it really just needs extending to incorporate basic account management functions (with respect to cost control of Atlassian Identity Manage, Jira and Confluence. What would be even better would be for the Atlassian cloud to be extended to allow for auto deactivation of user accounts based on inactivity.periods (defined at a cloud instance level), along with a simple confirmation workflow. - that way we wouldn't need to resort to custom code. Similar functionality should also be part of the base Jira Server and Confluence Server offerings (for people unable to consume cloud due to data sovereignty/other issues)          

              Unassigned Unassigned
              jworley Jason Worley (Inactive)
              Votes:
              9 Vote for this issue
              Watchers:
              24 Start watching this issue

                Created:
                Updated:
                Resolved: