Skip to content

Groups & Access Control in Atlassian Cloud

What Are Groups in Atlassian Cloud?

Groups are foundational for permission and product access in Atlassian Cloud:

  • They allow admins to manage access for multiple users at once by assigning permissions and licensing on a group level.

  • Users inherit access from group membership.

  • Created and maintained via admin.atlassian.comDirectory > Groups, within the centralized admin experience.

  • Organization Admins and Site Admins (for specific sites) can create, edit, and delete groups.

Creating a Group

  1. Log into admin.atlassian.com.

  2. Navigate to Directory > Groups.

  3. Click Create Group, enter name, members, and optional description.

Admin.atlassian Create Groups.webp

Editing / Deleting Groups

  • Editable via Directory > Groups and click on the group name.

  • Add or remove members, manage description and product access.

  • Group names can now be changed.

    • Editing a group's name is a beta feature. It can impact apps in unexpected ways, depending on your group's app settings.

  • To safely rename a group, please create a new one with the desired name.

Admin.atlassian Edit or Delete Group.webp
  • Alternatively, you can add or remove members and manage product access via the meatball menu under Actions on the main Groups page.

Admin.atlassian Edit Group.webp

Default Groups

  • Atlassian auto-places users into default groups like jira-software-users-<sitename> when they access a product.

  • Organization Admins can change which group is the default for an app; User Access Admins cannot.

Troubleshooting Group Management (Common Scenarios)

User Access Admin limitations:

  • Cannot configure default groups for apps - they must ask an Organization Admin.

  • Cannot grant access to an app if the default group also grants access to apps they don’t manage.

    For example: if the default group for Jira also includes Confluence, a Jira-only User Access Admin cannot grant access to that default group.

  • Cannot remove a user’s access if they belong to multiple groups providing the same app access (unless they also manage all those apps).

  • Cannot remove a user provisioned by SCIM/IDP from a group - only Organization Admins can manage IDP-synced group membership.

What User Manager & License Optimizer can do

User Manager and License Opitmizer works within Jira to enhance group-based user management does not replace Atlassian’s group features:

Feature / Action

Atlassian Cloud Admin (admin.atlassian.com)

User Manager & License Optimizer

Create/Delete/Rename Groups

yes

not yet

Add/Remove Users from Groups

yes

yes

Manage default groups or app access assignments

yes

not yet

Sync groups from IDP/SCIM

yes

(future visual-only indicator)

Group membership changes impact licenses and access

yes

yes

Key points:

  • Group management (create/edit/delete)-only in admin.atlassian.com, not in the User Management & License Optimizer app.

  • In User Management & License Optimizer, admins can add or remove users from existing groups, including via bulk operations and automated tasks.

  • User Management & License Optimizer shows a visual indicator (darker grey) for groups that currently provide app access.

  • Upcoming feature: You will visually annotate groups that are IDP-managed, alerting admins that manual edits will not apply to those groups.