Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Azure Provisioning - Oops - Provisioned everything!

Jennifer Osborn July 9, 2021

In re-setting up the user provisioning (in a new Azure Atlassian Cloud app) I apparently managed to sync everything from AD, including shared mailbox "users," other non-staff user accounts and every group in the directory.  Gak. Shake-fist.

The question now is - how do I effectively REMOVE all of this?  (cleanup on Aisle 8, please)

I can manually remove groups - a pita, but do-able.  But I can't seem to remove users - they're all "managed by my identity provider." 

If I  nuke the App in Azure AD and remove the directory in Atlassian Access, will that allow me to remove all of this excess baggage I didn't want/mean to add?

FWIW - I set up the app to include only a single group with 1 user. Yet, I managed to slurp in it all. 

Hrumph for learning the hard way. Thanks in advance for your insights. 

1 answer

Suggest an answer

Log in or Sign up to answer
1 vote
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 11, 2021

Hi @Jennifer Osborn ,

Unfortunately removing the app in Azure AD and deleting the directory won't remove the accounts on the Atlassian side. If you remove all of these non-"users" from the app in Azure AD, then the accounts will get deactivated on the Atlassian side (so at least you won't get billed for them)

If you would like to fully clean them up, you will need to delete the accounts on the Atlassian side. It's not possible to do this in bulk or via API as far as I know, but it can't hurt to contact Atlassian support as we may have an internal way to do it.

>I set up the app to include only a single group with 1 user. Yet, I managed to slurp in it all.

Hmm, I'm not an Azure AD expert so I'm not sure what could have caused this. I'm looking at the "Tip" on this page and perhaps this was the cause? https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/define-conditional-rules-for-provisioning-user-accounts

Screen Shot 2021-07-11 at 6.25.09 PM.png

Jennifer Osborn July 14, 2021

Hi Dave! Thank you for the response. 

I've manually (sigh) removed the full directory of groups, and with a little patience (I'm not sure what changed) I was able to delete the user/service accounts that had no business in our Atlassian Access suite.

It was a time consuming, "click each user, delete, confirm, confirm, return to list, repeat," but it's done. 

Feature request - bulk management in Access :)

Like # people like this
TAGS
AUG Leaders

Atlassian Community Events