Groups & Access Control in Atlassian Cloud
What Are Groups in Atlassian Cloud?
Groups are foundational for permission and product access in Atlassian Cloud:
They allow admins to manage access for multiple users at once by assigning permissions and licensing on a group level.
Users inherit access from group membership.
Created and maintained via admin.atlassian.com → Directory > Groups, within the centralized admin experience.
Organization Admins and Site Admins (for specific sites) can create, edit, and delete groups, provided the groups are not managed by SCIM/Identity Provider.
Creating a Group
Log into admin.atlassian.com.
Navigate to Directory > Groups.
Click Create Group, enter name, members, and optional description.
Editing / Deleting Groups
Editable via Directory > Groups and click on the group name.
Add or remove members, manage description and product access.
Group name editing is available as a beta feature.
Note: Renaming a group is a beta feature. It can impact apps in unexpected ways, depending on your group's app settings.
To safely rename a group, please create a new one with the desired name.
Alternatively, you can add or remove members and manage product access via the meatball menu under Actions on the main Groups page.
Default Groups
When an admin grants users app access via admin.atlassian.com, Atlassian automatically places users into default groups like jira-software-users-<sitename>.
Organization Admins can change which group is the default for an app; User Access Admins cannot.
Troubleshooting Group Management (Common Scenarios)
User Access Admin limitations:
Cannot configure default groups for apps - they must ask an Organization Admin.
Cannot grant access to an app if the default group also grants access to apps they don’t manage.
For example: if the default group for Jira also includes Confluence, a Jira-only User Access Admin cannot grant access to that default group.
Cannot remove a user’s access if they belong to multiple groups providing the same app access (unless they also manage all those apps).
Cannot remove a user provisioned by SCIM/IDP from a group - only Organization Admins can manage IDP-synced group membership.
SCIM and Product Access Groups
SCIM-managed groups are read-only across all of Atlassian Cloud, not just in this app. You cannot add or remove users from SCIM groups in admin.atlassian.com either.
To work around this limitation, use Automated Tasks to map IdP group memberships to product access groups. Keep your SCIM groups as the source of truth for user membership in your IdP, then let the app automatically assign users to the correct product access groups (such as jira-software-users or confluence-users). This also enables parallel deactivation: removing a user from an IdP group triggers automated removal from all mapped product access groups.
What User Management & License Optimizer can do
User Management & License Optimizer works within Jira to enhance group-based user management does not replace Atlassian’s group features:
Feature / Action | Atlassian Cloud Admin (admin.atlassian.com) | User Management & License Optimizer |
|---|---|---|
Create/Delete/Rename Groups | yes | not yet |
Add/Remove Users from Groups | yes | yes |
Manage default groups or app access assignments | yes | not yet |
Sync groups from IDP/SCIM | yes | (future visual-only indicator) |
Group membership changes impact licenses and access | yes | yes |
Key points:
Group management (create/edit/delete)-only in admin.atlassian.com, not in the User Management & License Optimizer app.
In User Management & License Optimizer, admins can add or remove users from existing groups, including via bulk operations and automated tasks.
User Management & License Optimizer shows a visual indicator (darker grey) for groups that currently provide app access.
Upcoming feature: You will visually annotate groups that are IDP-managed, alerting admins that manual edits will not apply to those groups.
Related Pages
Performing Bulk Operations - Add or remove users from groups
User Roles & Permissions - User role definitions
Searching and Filtering - Filter users by group membership