Getting 403 while disabling the user via atlassian api

ramit_dhamija October 10, 2024

Hi there,

Recently we have automated the below api to disable user account : 

https://api.atlassian.com/users/{accountid}/manage/lifecycle/disable

It was working fine few days back and the users were getting disabled on atlassian but suddenly today while hitting the same api with the same credentials, we are getting below error  :

{"key":"forbidden.action","context":{"allowed":false,"reason":{"key":"externalDirectory.scim"}},"errorKey":"forbidden.action","errorDetail":{"allowed":false,"reason":{"key":"externalDirectory.scim"}}}

 

We haven't done any changes to our code and not sure why we are getting this error. Atlassian team please look into this matter, even the error message is not clear.

1 answer

0 votes
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 10, 2024

Hi @ramit_dhamija 

Is the api key used still active or valid?

ramit_dhamija October 10, 2024

It was generated on 4th october only, how can I check it's validity?

Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 10, 2024

Have a Jira admin check.

Was this created as a global token or on a specific user if so, does this specific user still has access and the correct permissions?

ramit_dhamija October 11, 2024

Screenshot 2024-10-11 at 1.41.40 PM.png

 

Hi @Marc - Devoteam 

The token that I'm using is valid till 31 december 2024. I have generated this token from admin.atlassian.com -> Settings -> API keys (attached screenshot of the same) and I'm assuming that this token would be created as a global token only. And yes, this user still have access to disable user from atlassian.

Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 11, 2024

Hi @ramit_dhamija 

Do you have an external directory connected like IDP or SSO and is the user you want to disable a managed user.

Then the disable can only be done from the external directory.

ramit_dhamija October 11, 2024

@Marc - Devoteam we do use Google SSO but I'm not sure what managed user is. Can you brief what is managed user?

And how can we further disable from the external directory?

We were able to disable users using the mentioned api before, not sure why we have started facing this issue suddenly.

Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 11, 2024

If you connect and a IDP or AD for SSO and the user are imported from that connection, these users a managed users as they are managed in the user. directory

Atlassian is not in charge of those users, on such users (if you show details), you see a lock icon.

Users that are managed can't be disabled via the API, only from the user directory side.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events