Delete the Users from Directory

IT Group February 21, 2024

Hello,

I have been testing migrating from our Server Jira instance to the cloud and notice the Directory now contains multiple redundant users. I would like to start fresh and remove all users from that directory. Is there a way to do so?

Thanks,

Saurabh

2 answers

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2024

Hello, @IT Group 

Assuming by directory you mean "managed users in Cloud" i.e. users from your email domain – you should really not spend too time much worrying about them being there, trying to delete. Deletion request is treated by Atlassian as a privacy-related "forget me" request, leaves "Former User" references in data, gives you time to change your mind and as such takes time...

If you really are just interested in progressing with migration, anyone who is redundant – should be just deactivated in Cloud after you finish migration.

You can do it in bulk using our app User Management for Jira Cloud on a trial license – it can connect to Atlassian Access, and lets you run Bulk User Actions e.g. deactivation or reactivation, based on last login date or a CSV file, filtering by Cloud account id.

You can export the users into CSV using the app too (to select the redundant ones) and the use that at the filter, or install the same app on Server/DC (you can use DC evaluation license for the app even on a Server Jira) and export users from there, then do a lookup in Excel matching by email against the Cloud user list, to retrieve the Cloud account id. The feature to filter by email addresses is coming soon. 

If by "directory" you mean users on the site – if you connect the app to the Jira Cloud "source" instead – you can delete users from your site (without deleting them in Cloud). 

Even if you decide not to keep the app – a review on Marketplace would help us a lot!

If you have any questions whatsoever, don't hesitate to reach out to our 24x7 support via Service Desk or chat on the website

0 votes
Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 21, 2024

@IT Group 

If you remove/delete the users from the Jira server and then you migrate the data over to the Jira cloud, the deleted users will be shown as "Former user". You can go ahead with this if you are okay with contributions or any user that is deleted is shown as a "Former user"

Instead, you could also think of just revoking the application access, and then you can remove those in the cloud who are not in the company anymore.

Integrating SAML SSO is also better option were you can manage the application access through IdP

Hope this clarifies

Thanks,
Pramodh

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2024

@Pramodh M Jira Server/DC will not let you delete users if they are referenced somewhere in the data. This problem only applies to Confluence. Unless you mean "delete" as "delete the whole directory"?

Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 21, 2024

@Ed Letifov _TechTime - New Zealand_ Yes you are right, Jira will not let you delete the user if referred in components, an assignee, reporter, or a project lead.

Another good option might be to just anonymize the user instead of deleting, if not possible. 

I was not mentioning about the whole directory

IT Group February 21, 2024

I plan on using Azure AD, however since I was testing the migration of the server instance, it migrated the users as well. So if I am understanding it correctly that after the projects, data etc is migrated, I can setup Azure AD as IdP and then remove those not needed? Currently I have more than 500 users, what's a good way to bulk remove them?

Thanks.

-S  

IT Group February 21, 2024

So what is a good way to delete the directory in the Cloud?

-S

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2024

@IT Group see my other answer about "the good way"

Azure AD will "take over" the users that match by email, and from that moment if a user is disabled/enabled in AD – this will be reflected to Cloud, same as group membership. If a user disappears from the scope of sync – the user will be disabled in Cloud too. See this page for details: https://support.atlassian.com/provisioning-users/docs/understand-user-provisioning/

However, IdP won't do anything to those redundant users who already exist in Cloud but not in AD (i.e. long gone remnants that were pushed from the Server during migration) – you should deactivate them as described.

Our recommendation (we are a Platinum Atlassian Solution Partner in New Zealand and Australia) is NEVER to delete a user in Cloud (as it leaves "Former User" references – i.e. no traceability), unless it is in fact a privacy "forget me" request or the account is clearly an incorrect i.e. unverified one.

Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 21, 2024

You cannot delete the directory in cloud and should not be performed in server as well.

These users are required on cloud Atlassian site. Now if we talk about those that are not needed, just remove those users once they users are migrated over to the Cloud and then integrate AD. This should work.

 

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2024

@Pramodh M 

The main problem that unlike Jira Server/DC that will not let you delete a user record that has references in the data – Cloud will happily delete and anonymise the data.

There is really no easy way to tell if a user who looks "redundant" now didn't create an issue or leave a comment or edited something 2 years ago while on Server.

So, our advice is always: don't "remove", don't "delete" – only "deactivate"

Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 21, 2024

Yes, I agree. I believe the reference is made only for those accounts that are redundant meaning, they might have left the company or they might be duplicates. Either way, we way to take an action on those atleast!

IT Group February 21, 2024

Thank you all for this information. The scenario I have is slightly different. These were test migrations and even one through a sandboxed environment. So before I run a migration for a production environment, I would like the Directory to be empty. But it seems like there doesn't seem to be an easy way to do so except using the User Management app.

Thanks.

-S

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2024

@IT Group 

The Directory contains all your managed (i.e. from your email domains) users across the whole cloud, not just your sites – in other people sites, Trello, University, this very Community.

Atlassian's migration tools are smart enough to MERGE whatever is coming from Server to Cloud. A clean empty directory at the target is not a pre-requisite and can't be achieved in the first place for many organisations.

Imagine these scenarios:

1) You've migrated, into a site with an emptied directory, only pushed your current users. Everything looks perfect and life is bliss. Go forward 2 years. New people joined, but some people left. Once they leave you don't want to delete them, you deactivate. So your directory is not "active users only".

2) Your organisation has been using Cloud in some form (e.g. with Trello) before this migration, so you already have some users in Cloud – some are active, some deactivated. Now you need to do the migration – you can't delete users who are using another product right now. So you push extra 2000 users, then deactivate 1500 of these. Same result in terms of directory.

So, don't worry about the directory state before migration. Only worry about deactivating users after migration. Deactivated users can't login and don't affect billing – so who cares if they are there?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events