Hello everyone!
I'm hoping to get some answers here, for myself and others.
Use Case:
-Automate license removal of users who have been inactive for 30 days.
-Preferably, check each of the user's product licenses, then remove whichever one has been inactive for over 30 days.
How:
-I'm using an automation suite to run on a daily schedule and remove licenses based on the use case above.
Help needed:
Are there any REST API calls/examples/documentation that can help accomplish:
-Get a user's assigned license(s)
-Checks for last user activity on a given license
Thank you everyone for your attention and support!
-Tony
I've been doing more research and for the looks of it, there don't appear to be any APIs that can do what I'm asking. However, I'm thinking this route might work...
Bare with me as I am relatively new to this:
An admin can assign or remove a product license from a user in different ways:
With that being said.. I think I can still accomplish the license management automation that I initially stated. This is how:
Again this is still a concept and I have to develop it. I'm still unsure of how to determine if the user was inactive for one product but not the other.
I will keep updating.
-Tony
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Pawel Okroy I have been using this method to remove from the default user group and it has been working successfully.
I am a little more specific with my parsing though so I filter down the user export and based on a handful of predetermined criteria I provide a list of emails to the script and it removes them from the aforementioned groups.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Be careful with removing users solely based on their last active date. That date/data is notoriously inaccurate.
It only captures certain events the user does, so depending on how they use the product they might be marked incorrectly as inactive. E.g. org admins are less likely to go into a product like confluence, but they need confluence product access to manage it.
The data has been significantly delayed in the past, like being weeks old due to issues on Atlassian's side.
Generally, I’d recommend producing a list of potential users from the last active data, sanity check it, then feed that list/an updated list into your process to remove users. It’s less automated but you’ll have less headaches compared to having people complaining that they’ve lost access.
-Kieren
Co-Founder @ Admin Automations | Ex-Atlassian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.