OKTA users removed from AD group do not go away when removed from that AD group

Mike Bell
January 31, 2024

I have Atlassian Access set up with OKTA auth via AD push groups. Everything is working as expected... When I add users to the AD group they appear in managed accounts and they can access what is set up via the groups.

The issue is when I remove a user from the AD group, that account in Atlassian Access Managed groups shows as DEACTIVATED, but does not go away. I am unable to delete the account either. Will this account get removed from Atlassian Access after a specific amount of time has passed?

Thanks,

Mike

2 answers

1 accepted

0 votes
Answer accepted
Mike Bell
January 31, 2024

I found other issues with this user that may bar it from being an actual repeatable issue. I will try this again shortly to see if this was a one-off or not.

0 votes
Trudy Claspill
Community Champion
January 31, 2024

I am working in an environment with a similar configuration.

What I have observed is that when the user account has been deactivated in AD and the synch then happens to Atlassian Access, the user's account shows as Deactivated in Cloud. If the user is then removed from User Groups in AD, the synch to Atlassian Access does not remove them from the same groups in Cloud.

When I asked the infrastructure team (the internal team that set up AD, Okta, and Atlassian Access), they told me that if the user is first deactivated in AD, then any subsequent group membership changes will be ignored in the synch process to Atlassian Access.

I don't know if that is due to a specific configuration in the environment, or if that is built-in/standard functionality of this sort of integration.
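
An added example, not part of either poster's reply and not Atlassian or Okta code: a small audit that compares current AD group membership against an export of cloud managed accounts and lists deactivated accounts that still hold group memberships, which is the residue the behaviour described above would leave. The data structures, field names, addresses and group names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: every address and group name here is hypothetical.
AD_GROUPS = {  # current AD push-group membership (the source of truth)
    "jira-users": {"alice@example.com", "bob@example.com"},
    "confluence-users": {"alice@example.com"},
}

@dataclass(frozen=True)
class CloudAccount:
    email: str
    active: bool
    groups: frozenset

CLOUD_ACCOUNTS = [  # constructed export of managed accounts in the cloud directory
    CloudAccount("alice@example.com", True, frozenset({"jira-users", "confluence-users"})),
    CloudAccount("Carol@Example.com", False, frozenset({"jira-users", "confluence-users"})),
    CloudAccount("bob@example.com", False, frozenset({"jira-users"})),
    CloudAccount("dave@example.com", False, frozenset()),
]

def norm(email):
    """Directories differ in case handling, so compare on a normalized address."""
    return email.strip().lower()

def source_memberships(ad_groups):
    """Invert group -> members into user -> set of groups."""
    by_user = {}
    for group, members in ad_groups.items():
        for member in members:
            by_user.setdefault(norm(member), set()).add(group)
    return by_user

def audit_deactivated(ad_groups, accounts):
    """Report deactivated cloud accounts that still carry group memberships.

    'stale' groups no longer list the user in AD (removal never synced);
    'still_in_source' groups list the user in AD too, so AD needs cleanup first.
    """
    src = source_memberships(ad_groups)
    findings = []
    for acct in accounts:
        if acct.active or not acct.groups:
            continue
        expected = src.get(norm(acct.email), set())
        findings.append({"email": norm(acct.email),
                         "stale": sorted(acct.groups - expected),
                         "still_in_source": sorted(acct.groups & expected)})
    return findings

if __name__ == "__main__":
    for finding in audit_deactivated(AD_GROUPS, CLOUD_ACCOUNTS):
        print(finding)
```

Accounts reported with `stale` groups are the ones whose cloud memberships need manual review, since a later reactivation would restore access the source directory no longer grants.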

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin