@Mark J Cunningham ,

Please notice this thread is from 2019 and many things might have been changed in the meantime. In these cases is always better to create a new thread instead of adding a reply to something that might be outdated.

Once this has been said, depending on what you are trying to achieve:

• You can use the DELETE users REST API endpoint for Jira Cloud (DEL/rest/api/3/user) that removes the user from the site (does not delete the Atlassian Account)
• You can use the Remove user from group REST API endpoint (DEL/rest/api/3/group/user) to remove the user from the desired product access groups, if you want to leave the user in Jira, even if without any product access 

I hope this helps.

Cheers,
Dario

Delete only works if they have not made a comment, assignee or reporter.

Remove user from group, is fine but they are still marked as active.

Deactivate user only works for managed domain accounts, and only if not integrated with SSO

Just looking for a cloud version of the server PUT version that allowed you to set the active status to either true or false

There are multiple tickets and threads on this, and seems strange that this still cannot be done.

Part of this work is so that we can implement least privilage for people to onboard and offboard users, without making them either site admin, trusted or product admins

As those roles/groups provide too much access, and allow those users to add marketplace apps without permission, and change permissions, etc

Currently have project with linked automations that:
Adds user to instance, adds user to AAD, adds user to relevant AAD groups, adds non federated users to relevant Atlassian groups
Removes from same
Deletes from same where possible

What we are also having to do is have a dummy group to load leavers into so they can be manually "switched off" (active to false)

Which prevents mistaken or disgruntled re-access.

What would be great is for this to be achievable via the REST API, in a similar way the existing server version can do it

@Mark J Cunningham , 

Unluckily there's currently no REST API endpoint available to do so. We have multiple feature requests open in our system for this but they didn't get enough traction so far:

• https://jira.atlassian.com/browse/JRACLOUD-44801
• https://jira.atlassian.com/browse/ID-7711
• https://jira.atlassian.com/browse/JRACLOUD-37294
• https://jira.atlassian.com/browse/JRACLOUD-70752

You may want to vote and watch above FR so that you will be notified in case of any progress/update.

Those date back nearing 10 years ago, and still have not made it to the sprint backlog?

[JRACLOUD-37294] Allow set active/inactive via REST API - Create and track feature requests for Atlassian products.

• created 03/Mar/2014
• 216 votes

[JRACLOUD-44801] JIRA API disabling users - Create and track feature requests for Atlassian products. 

• created 14/Aug/2015 
• 396 votes

[JRACLOUD-70752] Provide public REST APIs for user management as in server - Create and track feature requests for Atlassian products.

• created 11/Oct/2018
• 28 votes

[ID-7711] REST API to activate/deactivate users - Create and track feature requests for Atlassian products.

• created 16/Jun/2020
• 87 votes

No wonder its not reached what ever threshold here is for being pulled into a sprint, when the votes are divided across aged tickets

Hi @Dario B

Now, we used Jira Cloud and this api is the version2.

But now is version3. I will try the User Management REST API to do this.

Thanks.

Regards,

Eric

Thanks @eric_kao ,

Let us know how it goes, or just accept the answer if this helps 

Hi @Dario B ,

Are there any example code about disable users?

I have tried to use the User Management REST API but still can't disable users.

Hi @eric_kao ,

Examples showing how to disable users via REST API using cURL, Node.js, Java, Python and PHP are available in the documentation page itself:

When sending the request, kindly make sure that:

1. You are trying to disable a managed account for the organization you are set as an administrator (ht****e).
2. You are setting in the endpoint URL the correct AccountID for the user you want to disable
3. You are using a valid API Key to authenticate the REST API call

If this still doesn't work, please try to send the request using Curl as shown in below example and paste the result in your answer (make sure to remove the sensitive content):

curl -D- -H 'Authorization: Bearer <ADMIN API KEY HERE>' -H 'Content-Type: application/json' -d '{ "message": "SOME MESSAGE"}' -X POST https://api.atlassian.com/users/<ACCOUNT ID TO DISABLE>/manage/lifecycle/disable

Cheers,
Dario

Hi @Dario B ,

I would like to manage with API requests the revoke/grant access for customers created in Jira Service Desk (Cloud) with :

curl --request POST \
  --url 'https://your-domain.atlassian.net/rest/servicedeskapi/customer' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "displayName": "Fred F. User",
  "email": "fred@example.com"
}'

My role is site admin, is there a way to do this ?

When I'm using the "Disable user" request I get error 401 unauthorized.

Thanks for your answer,
Cheers,

Anne

EDIT : I post the question here.

Hi @[deleted] ,

The REST API endpoint provided in here is only intended to be used with  managed accounts for the organization you are set as an administrator for (if any), and it is not intended to be used to disable portal only (Jira Service Desk) customers.

However, in order to avoid mixing different topics, I will reply adding more details in the other thread.

@eric_kao , did the answer help? Can you kindly accept it in case it was useful? 

Cheers,
Dario

Hi @Dario B 
I am a site admin and when I am using my API token, I am able to remove users from groups using python requests library.
Also, I can remove site access for users manually.
But when I trying to this via the management APIs (removing site access for users) I am getting 401

Can you tell me where I am going wrong?

curl -D- -H 'Authorization: Bearer <'AUTH_token'> -H 'Content-Type: application/json' -d '{ "message": "SOME MESSAGE"}' -X POST https://api.atlassian.com/users/<user_id>/manage/lifecycle/disable

Python:

@akash.chakraborty 

Please notice that API Token and API Key are 2 different things. You may want to check you are using the right one in your call.

For more details, please review: 

• https://developer.atlassian.com/cloud/admin/user-management/delete-managed-account/#delete-account

I hope this helps.

Hi @Dario B 

I may have made a mistake while typing my query
I already have the API Token with which I am able to remove users from groups via API calls.
But using the same token I am not able to remove site access to users, which otherwise I can do manually.
Also, I can delete accounts.
Just cannot revoke access.

Please let me know what can I do

Hi @Dario B ,
Just adding on to, only the api calls like these are giving probelms (401)

POST/users/{account_id}/manage/lifecycle/disable

POST/users/{account_id}/manage/lifecycle/enable

POST/users/{account_id}/manage/lifecycle/delete

POST/users/{account_id}/manage/lifecycle/cancel-delete

Reference: https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-lifecycle/#api-group-lifecycle 

@akash.chakraborty 

As already mentioned in my previous message API Token and API Key are 2 different things and are used to call different REST API endpoints:

• The API Token is used to authenticate the Jira, JSW, and JSM REST API endpoints and indeed the endpoint to manage groups is a Jira REST API endpoint
• The  API Key used to authenticate REST API calls to manage your organization via the admin APIs.:
  • Organizations REST API: Get information about your organizations and the users in those organizations.
  • User management REST API: Administer your organization’s managed accounts.
  • User provisioning REST API: Write your own integration with an external directory using SCIM.

Please review the documentation on how to authenticate REST API calls against the User management REST API REST API and pay attention to the fact that, together with the authentication method, also the URL to be used to call those endpoints is differnet.