Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Jira
Questions
Getting 403 while disabling the user via atlassian api

Getting 403 while disabling the user via atlassian api

Hi there,

Recently we have automated the below api to disable user account :

https://api.atlassian.com/users/{accountid}/manage/lifecycle/disable

It was working fine few days back and the users were getting disabled on atlassian but suddenly today while hitting the same api with the same credentials, we are getting below error :

{"key":"forbidden.action","context":{"allowed":false,"reason":{"key":"externalDirectory.scim"}},"errorKey":"forbidden.action","errorDetail":{"allowed":false,"reason":{"key":"externalDirectory.scim"}}}

We haven't done any changes to our code and not sure why we are getting this error. Atlassian team please look into this matter, even the error message is not clear.

1 answer

0 votes

Hi @ramit_dhamija

Is the api key used still active or valid?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

It was generated on 4th october only, how can I check it's validity?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Have a Jira admin check.

Was this created as a global token or on a specific user if so, does this specific user still has access and the correct permissions?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Screenshot 2024-10-11 at 1.41.40 PM.png

Hi @Marc - Devoteam

The token that I'm using is valid till 31 december 2024. I have generated this token from admin.atlassian.com -> Settings -> API keys (attached screenshot of the same) and I'm assuming that this token would be created as a global token only. And yes, this user still have access to disable user from atlassian.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Hi @ramit_dhamija

Do you have an external directory connected like IDP or SSO and is the user you want to disable a managed user.

Then the disable can only be done from the external directory.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Marc - Devoteam we do use Google SSO but I'm not sure what managed user is. Can you brief what is managed user?

And how can we further disable from the external directory?

We were able to disable users using the mentioned api before, not sure why we have started facing this issue suddenly.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

If you connect and a IDP or AD for SSO and the user are imported from that connection, these users a managed users as they are managed in the user. directory

Atlassian is not in charge of those users, on such users (if you show details), you see a lock icon.

Users that are managed can't be disabled via the API, only from the user directory side.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

CLOUD

PRODUCT PLAN

STANDARD

TAGS

Community showcase