Versions Compared

Old Version 4

changes.mady.by.user Mari Fuglem

Saved on

compared with

New Version Current

changes.mady.by.user Erik Turøy Midtun

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

These guides assume that you have set up and configured one of the supported Identity Providers, currently Microsoft Entra ID.

Problem description

If you’re using User Provisioning with IDP-synchronized groups to assign licenses, you may encounter the following circular problem with User Cleanup: 

  1. User Cleanup removes product access for users in Jira/Confluence. 

  1. Removed Jira/Confluence users will automatically regain access during the next synch with your Identity Provider. 

Solution options

To avoid this problem and enable license removal for users in IDP-synchronized groups, you have two options:

If your company prefers that user management across different software installations is handled in one central IDP, Automated User Cleanup & Deactivation has two options to support keeping the local Jira/Confluence user base in synch with the central IDP.

  1. Manage all product access groups in Atlassian: Shift your licensing groups to be managed directly through Atlassian.

  2. Set up an identity provider (IDP) within the app: By configuring an IDP, our User Cleanup app can generate CSV files listing users who need to be removed from an identity group. You can then remove these users using scripts or the IDP’s bulk removal tools.

This guide explains how to do option 2 for the currently supported IDPs:

  • Microsoft Entra ID

File export in Microsoft Entra ID

Info

Requires

  • User provisioning must be setup with Microsoft Entra ID

  • Some of the IDP synced groups must have licensing (Product access) tied to them

  • Users' UPN must be set to their email address. This is because we do not know the EntraID account IDs/ membership IDs.

  1. Configure what apps come from Entra ID. By hitting the Is user provisioning enabled? toggle.

    Screenshot 2024-11-04 at 11.23.49 UTC-20241104-112349.pngImage Added

    Screenshot 2024-11-04 at 11.28.38 UTC-20241104-112838.pngImage Added

  2. Select Microsoft Entra ID action in the cleanup creation form.

    Screenshot 2024-11-04 at 11.32.20 UTC-20241104-113300.pngImage Added

  3. Go to the Scheduleing Scheduling and Cleanup page -> History Export data button for the cleanup in question

    • A Dialog appears

      Screenshot 2024-11-04 at 11.35.08 UTC-20241104-113527.pngImage Added

  4. Click on the Identity provider exports option if it exists

    If it does not exist the cleanup did not have any users that should be affected in the cleanup.

...

  1. Download the CSVs for the groups you would want to do bulk actions on the users

Bulk remove users from groups Entra ID through the interface

  • Go to portal.azure.com login to your org. Go to the Group you want to remove the user from and go to the members list. It should have the same name in Atlassian and Entra ID.

...