Deactivation is an essential piece of user management in Jira. Failing to deactivate Jira users can have very negative consequences, like exceeding license limits or maintaining access from former employees.
Note: Never delete users in Jira or any other Atlassian tool, as this will remove them from all their history and generate problems like broken queries.
Here’s how you can deactivate Jira users
Method 1: Manual deactivation
This method is supported with Atlassian’s standard administration UI and works identically in Jira, Confluence, or Bitbucket. To deactivate a user you must have administrator permissions and follow the next steps:
- Step 1: Go to the User Management section from the administration cog at the right of the top menu bar
- Step 2: Select the “Users” tab on the left panel
- Step 3: Find the user you want to deactivate in the user browser
- Step 4: Once you’ve found the user, click “Edit” under the Actions column
- Step 5: In the modal window, uncheck the Active box, then click update
To entirely delete a user in Jira, then explore the other actions, and hit delete. Again, note that this action can create big problems if that user has a history in the instance. The rule of thumb is to delete only test users or users created by error.
Method 2: Bulk deactivations
This method is particularly useful when you want to deactivate a large number of users from one or more groups or discover sets of users that may not need access to Jira any longer.
These are the prerequisites to deactivate users in bulk in Jira, Confluence or Bitbucket:
- Install User Deactivator from the Atlassian Marketplace
- The user that will perform the bulk deactivation will also need an administrator permission
Once you are on the User Deactivator interface, you can deactivate any number of users in bulk:
- Step 1: Apply any filters to your search (see here what the user browser lets you do)
- Step 2: Refine the results further including and/or excluding users from certain groups
- Step 3: Select the users you want to deactivate, or hit the box on the top left corner to select all
- Step 4: Click on the “Choose Bulk Action” button, then select “deactivate” from the options
Method 3: Synchronization to an Identity Provider
If you company’s Single Sign On relies on an Identity Provider like Azure AD, ADFS, or Okta, then you can take their user directories as a single source of truth and easily deactivate Jira users. Cloud providers allow to set ahead-of-time provisioning schemes through their API so that your users already exist in the application before they even access.
This alternative is particularly useful when you want to deactivate users in Jira for the following reasons:
- First, to remove access to Atlassian applications for employees who have left the company.
- Second, to keep role-based authorizations up to date. For example, when an employee leaves the IT department, he should be removed from the corresponding groups.
You can install User and Group Sync to connect Atlassian Server and Data Center applications to your cloud Identity Providers via the API. Once you have installed the app, all you have to do is:
- Step 1: Configure the API connection to your IdP. Have a look at our setup guides for reference.
- Step 2: Map the user attributes in the Identity Provider’s user directory to the Jira user profile
- Step 3: Set restrictions by mandating which groups will have their users synchronized
- Step 4: Schedule the full sync to run periodically
We hope this article helps you decide on the best solution to set up a comprehensive user lifecycle management in Jira and your other Atlassian tools. Contact us if you need any help with the configuration of resolution’s user management apps.