
Admin API cannot be used on unverified accounts

    • Bug
    • Resolution: Fixed
    • Medium
    • Profile - View
    • None

      Issue Summary

      Unverified accounts cannot be managed using the admin APIs. The following endpoints cannot be used against unverified accounts.

      GET /users/{account_id}/manage/profile
      PATCH /users/{account_id}/manage/profile
      PUT /users/{account_id}/manage/email
      POST /users/{account_id}/manage/lifecycle/disable
      POST /users/{account_id}/manage/lifecycle/enable
      

      Steps to Reproduce

      Use the admin API to deactivate an unverified account.

      curl --request POST \
        --url 'https://api.atlassian.com/users/<UNVERIFIED_ACCOUNTID>/manage/lifecycle/disable' \
        --header 'Authorization: Bearer <ORG_APITOKEN>' \
        --header 'Content-Type: application/json' \
        --data '{
        "message": "..."
      }'
      

      Expected Results

      The unverified account should be deactivated.

      Actual Results

      Error message returned

      < HTTP/2 403 
      {"key":"forbidden.targetUnverified",
      "context":"Error: Cannot perform action on unverified account",
      "errorKey":"forbidden.target-unverified",
      "errorDetail":"Error: Cannot perform action on unverified account"}
      

      Workaround

      Perform the deactivation via the org managed account admin interface if possible.
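The following is an added example, not code from the ticket or from Atlassian: one way a bulk deactivation job could recognise the 403 shown under Actual Results and route those accounts to the admin-interface workaround instead of treating them as generic failures. The function names, the sample account ids and the treatment of any 2xx status as success are assumptions.

```python
import json
import urllib.request
from urllib.parse import quote

API_BASE = "https://api.atlassian.com"  # host from the ticket's curl command
# Both spellings appear in the ticket's 403 body ("key" and "errorKey").
UNVERIFIED_KEYS = {"forbidden.targetUnverified", "forbidden.target-unverified"}

def build_disable_request(account_id, org_token, message):
    """Build, without sending, the POST from the ticket's reproduction step."""
    url = f"{API_BASE}/users/{quote(account_id, safe='')}/manage/lifecycle/disable"
    return urllib.request.Request(
        url,
        data=json.dumps({"message": message}).encode(),
        headers={"Authorization": f"Bearer {org_token}", "Content-Type": "application/json"},
        method="POST",
    )

def classify_disable_response(status, body):
    """Return 'disabled', 'manual-ui' (use the ticket's workaround) or 'failed'."""
    if 200 <= status < 300:  # assumption: any 2xx means the account was disabled
        return "disabled"
    try:
        err = json.loads(body)
    except (TypeError, ValueError):
        err = None  # empty or non-JSON body, e.g. a gateway error page
    if status == 403 and isinstance(err, dict):
        keys = {v for v in (err.get("key"), err.get("errorKey")) if isinstance(v, str)}
        if keys & UNVERIFIED_KEYS:
            return "manual-ui"
    return "failed"

def triage(results):
    """Group (account_id, status, body) tuples by outcome."""
    grouped = {"disabled": [], "manual-ui": [], "failed": []}
    for account_id, status, body in results:
        grouped[classify_disable_response(status, body)].append(account_id)
    return grouped

# The 403 body is the one quoted in the ticket; the other rows are constructed.
TICKET_403 = ('{"key":"forbidden.targetUnverified",'
              '"context":"Error: Cannot perform action on unverified account",'
              '"errorKey":"forbidden.target-unverified",'
              '"errorDetail":"Error: Cannot perform action on unverified account"}')
SAMPLE = [("acct-a", 204, ""), ("acct-b", 403, TICKET_403),
          ("acct-c", 403, '{"key":"forbidden"}'), ("acct-d", 502, "<html>")]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Accounts in the `manual-ui` group are the ones to deactivate through the org managed account admin interface; anything in `failed` needs a separate look, since a 403 without the unverified-target key is a different authorization problem.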

            [ID-7748] Admin API cannot be used on unverified accounts


            Paul Benario added a comment - Awesome, thank you Luey! We'll test it out!

            luey 🥝 (Inactive) added a comment (edited)

            Hi everyone!

            I'm the developer who worked on this change.

            I'm happy to announce that we have removed the verified target account restriction for all endpoints listed in the ticket, including /disable. Feel free to leave me a comment if you have any problems.

            If there’s a request that hasn’t been addressed with this update, please raise a new feature request so that we can track it separately.



            Theo van Arem added a comment - can we get an update on this issue?

            Theo van Arem added a comment - We have our domain verified by Atlassian. This allows us to manage all accounts that have been registered using our mail domain. Via the UI we are able to manage those accounts but it seems not possible to manage them via the API.

            In addition we would like to see when the account registration has been triggered and any possible last actions performed. We can use this information to determine if we want to automatically disable and after a grace period delete the account registration.

              ayang@atlassian.com Aneita
              rmacalinao Ramon M
              Affected customers: 7
              Watchers: 17
