Summary

• In Atlassian Cloud, an organization admin wants to deactivate a managed account user who has left the organization.

• When the org admin tries to deactivate the managed account (via admin.atlassian.com → Directory → Managed accounts), the operation fails with an error stating that the user still has entitlements.

• The blocker is that the user previously created their own Atlassian Cloud sites (for example, trial or free sites) where they are the site owner / billing contact.

• As long as those entitlements/sites exist, the org admin cannot complete deactivation of the managed account.

From a security and compliance perspective, this is a problem for enterprise customers because:

• The user has left the company; their corporate identity is removed from IdP and other systems, but their Atlassian managed account can’t be deactivated due to product ownership constraints on sites they created.

• Org admins often cannot see or control all of those self‑created sites, particularly if they are in other orgs or not clearly discoverable.

• This blocks customer offboarding workflows, HR processes, and internal audit / compliance requirements that mandate timely deactivation of all corporate identities.

Expected / Desired behavior

Org admins should be able to fully deactivate a managed account that belongs to their verified domain, even if:

• The user is the original creator / owner / billing contact of one or more Atlassian Cloud sites, and/or

• There are active entitlements associated to those sites.