Problem description

If you’re using User Provisioning with IDP-synced synchronized groups to assign licenses, please note that our app cannot directly remove users from these groups.To you may encounter the following circular problem with User Cleanup: 

1. User Cleanup removes product access for users in Jira/Confluence. 

2. Removed Jira/Confluence users will automatically regain access during the next synch with your Identity Provider. 

Solution options

To avoid this problem and enable license removal for users in IDP-synchronized groups, you have two options:

1. Manage all product access groups in Atlassian: Shift your licensing groups to be managed directly through Atlassian.

2. Set up an identity provider (IDP) within the app: By configuring an IDP, our User Cleanup app can generate CSV files listing users who need to be removed from an identity group. You can then remove these users using scripts or the IDP’s bulk removal tools.

This page guide explains how to do option 2 for the currently supported IDPs:

File export in Microsoft Entra ID

1. Configure what apps come from Entra ID.

2. Select Microsoft Entra ID action in the cleanup creation form.

3. Go to the Scheduleing and Cleanup page -> History Export data button for the cleanup in question

   • A Dialog appears

4. Click on the Identity provider exports option if it exists

   • If it does not exist the cleanup did not have any users that should be affected in the cleanup.

5. Download the CSVs for the groups you would want to do bulk actions on the users

...