Hi there,
Recently we have automated the below api to disable user account :
https://api.atlassian.com/users/{accountid}/manage/lifecycle/disable
It was working fine few days back and the users were getting disabled on atlassian but suddenly today while hitting the same api with the same credentials, we are getting below error :
{"key":"forbidden.action","context":{"allowed":false,"reason":{"key":"externalDirectory.scim"}},"errorKey":"forbidden.action","errorDetail":{"allowed":false,"reason":{"key":"externalDirectory.scim"}}}
We haven't done any changes to our code and not sure why we are getting this error. Atlassian team please look into this matter, even the error message is not clear.
Is the api key used still active or valid?
It was generated on 4th october only, how can I check it's validity?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have a Jira admin check.
Was this created as a global token or on a specific user if so, does this specific user still has access and the correct permissions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The token that I'm using is valid till 31 december 2024. I have generated this token from admin.atlassian.com -> Settings -> API keys (attached screenshot of the same) and I'm assuming that this token would be created as a global token only. And yes, this user still have access to disable user from atlassian.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Do you have an external directory connected like IDP or SSO and is the user you want to disable a managed user.
Then the disable can only be done from the external directory.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Marc - Devoteam we do use Google SSO but I'm not sure what managed user is. Can you brief what is managed user?
And how can we further disable from the external directory?
We were able to disable users using the mentioned api before, not sure why we have started facing this issue suddenly.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you connect and a IDP or AD for SSO and the user are imported from that connection, these users a managed users as they are managed in the user. directory
Atlassian is not in charge of those users, on such users (if you show details), you see a lock icon.
Users that are managed can't be disabled via the API, only from the user directory side.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.