Revoke user access to your organization

10 min

By the end of this lesson, you'll be able to:

  • Suspend a user from your organization
  • Remove a user from your organization
  • Restrict access to your apps with IP allowlists

Suspend a user

When org admins suspend a user, they can't access the organization they were suspended in. Org admins can always restore a suspended user from their user page to grant them the same access they had previously. You can suspend managed and unmanaged accounts.
👇 Click the tabs below to explore what happens when you suspend a user.
Suspended users are not searchable in user picker fields, such as Assignee.

Suspended users can remain suspended indefinitely until their access is restored or the user is removed.

An org admin or a user access admin can suspend a user either from the users list, or from the user detail page in the user directory.
To suspend a user’s access:
  1. Go to admin.atlassian.com and select your organization.
  2. From the sidebar, expand Directory.
  3. Select Users section.
  4. Select a user to open their user page.
  5. Select the menu at the top right of the page then select Suspend access.
  6. The user’s access is immediately suspended.
The user can no longer access any of the apps in your organization. An org admin can restore their access at any point, which will restore their app access and group memberships.

Suspended users are listed with the Suspended status in the users list, in Atlassian Administration.

Users who are not suspended are active users, even if they don’t have any app access granted.

Remove a user

When an org admin removes users, their access to the organization is no longer available. A user admin can also remove users with access to the apps they administer. You can remove managed and unmanaged accounts.
👇 Click the tabs below to explore what happens when you remove a user.
When an org admin or user admin removes a user, Atlassian removes them from the organization. They no longer have access to any of its apps and can’t collaborate with the team within that organization.

Removing a user from an organization will only remove them from that organization. If they are in other organizations, they still have access to those organizations.

An org admin or a user access admin can remove a user from the user detail page in the user directory.
To remove a user from your organization:
  1. Go to admin.atlassian.com and select your organization.
  2. From the sidebar, expand Directory.
  3. Select the Users section.
  4. Select the user to open their user page.
  5. Select the menu at the top right of the page and then select Remove user.
  6. Take note of the warning message and select Remove user again.
  7. The user is removed. They can't access any app in your organization.

Limit access to trusted networks with IP allowlists

Organization administrators often need to control who can access the apps and data on their sites based on where they are signing in from. In such cases, org admins can configure IP allowlisting to restrict access to Atlassian Cloud apps and APIs so users must connect from specific public IP addresses or CIDR ranges. This is a network access control that complements your existing authentication and authorization settings.
IP allowlisting helps ensure that users connect from trusted networks, such as your corporate office or VPN, and reduce the risk of unauthorized access from unknown locations.

IP allowlisting is enforced per app and per site. It is available on Premium plans for Jira, Jira Service Management, Confluence, and Compass, on Enterprise plans for Atlassian Analytics, and require at least one of these plans to use IP allowlist controls with Rovo.

How does IP allowlisting work?

When IP allowlisting is turned on:
  • Only traffic from allowed IP addresses or ranges can access your Atlassian Cloud apps and related APIs.
  • Any attempts from non‑allowlisted IPs are blocked before login, even if the user has a valid account.
  • Admin APIs, automation, and external integrations that call your app APIs must also originate from allowlisted IP addresses.
To set up IP allowlisting:
  1. Collect the public IP addresses or CIDR ranges your users connect from.
  2. Go to admin.atlassian.com and select your organization.
  3. Expand Security then Device security.
  4. Select IP allowlisting.
  5. Select Create IP allowlist.
  6. Provide a name relevant to the location or IP addresses you want to allow.
  7. Select Next.
  8. Select the apps that users can access from IP addresses or locations in the IP allowlist.
  9. Select Next.
  10. Choose between adding an IP address or a Location.
  11. Select a location or add IP addresses and ranges.
  12. Select Create IP allowlist.
  13. Test access by confirming that users on allowed networks can still sign in and that users on non-allowed networks are blocked.

When to use IP allowlisting

👇 Click the tabs below to explore when to consider IP allowlisting.
You want users to access Atlassian Cloud only from your corporate network or VPN.
How was this lesson?

Community

Forums

FAQsForums guidelines

Learning

About learningResources

Events

Champions

Copyright © 2026 Atlassian
Report a problemPrivacy PolicyNotice at CollectionTermsSecurityAbout