Issue Summary

After group provisioning a managed user, while the Atlassian account is on the deletion process, the Atlassian account becomes inactive and it isn't possible to activate the user at the Organization, the provisioning troubleshooting logs will show the following message:

Unable to enable user <email_address>. This user could be in pending deletion state or blocked due to internal policy.

Steps to Reproduce ( using Okta as an example )

1. Create a user under a verified domain ( by inviting to the instance )
2. Trigger the deletion process at the Organization UI, then open the developers' tool and refresh the page to check if the status of the account is "BLOCKED" ( it will appear on a GET log with the name equals to the AAID )
3. Create  and activate the user at Okta 
4. Assign to a group and do the group push ( you must look if the Atlassian account is now with an e-mail address verified and is deactivated, otherwise the issue won't happen )
5. Go to the user at the Organization UI > managed accounts and chose cancel deletion
6. The user will remain inactive and the reactivate button won't be available

Expected Results

When you Cancel deletion the Organization UI should show the user as active, which means the Atlassian account is now active.

Actual Results

It's not possible to activate the user anymore.

  "id": "xxxxxxx",
  "userName": "xxxxxxxxx",
  "displayName": "xxxxxxxx",
  "avatarUrl": "xxxxxxxxxxx",
  "jobTitle": "",
  "active": "BLOCKED",
  "useMfa": xxxx,
  "emails": [
    {
      "value": "xxxxxxxxxxxxxxxx",
      "primary": true,
      "verified": true
      }

Notes

• Couldn't reproduce the error without verifying the e-mail address on step 4 
• Couldn't reproduce the error if the status of step 2 is "DISABLED"

Workaround

Delete the Atlassian account and recreate the user.