User Management and License Optimizer for Jira and ConfluenceUser Management and License Optimizer for Jira and Confluence

Organizations and Sites

In Atlassian, the concepts of "Organizations" and "Sites" are fundamental to how user data is structured and managed. User Management and License Optimizer is designed to centralize and simplify the management of these concepts.

Organizations

An Organization represents the top-level entity, typically your company or department. It's the container for all your sites and users. You manage settings that apply globally to all sites from the organization level. In Atlassian Cloud, this is the highest administrative level (admin.atlassian.com). Organization Admins have control over users, groups, apps, and security policies for the entire company.

Sites

A Site is a connected instance of your Organisation. Each site has its own set of Atlassian Apps, users, groups, and permissions. User Management and License Optimizer connects to all sites of your organization and manages them centrally, simplifying administration. In Atlassian Cloud, a Site is a container where you can install and organize Atlassian apps (e.g., yoursite.atlassian.net). Each site can have different apps like Jira and Confluence, but only one instance of each app type per site.

Key things to know:

  • A single user account exists at the organization level and can have access to multiple sites within that organization.

  • Groups can be local to a site or used across multiple sites

  • Permissions are controlled via groups. A group can give access to one site or multiple sites, since groups exist on the org level

    • Example site-specific groups (default Atlassian): You have two sites (cloud-ai-apps1, cloud-ai-apps2), and the jira access is managed with separate groups per site (jira-users-cloud-ai-apps1, jira-users-cloud-ai-apps2)

    • Example multi-site groups: You have two sites (cloud-ai-apps1, cloud-ai-apps2), and the jira access is managed with one group (jira-users).

How it works in Atlassian Cloud

Your User Management and License Optimizer app resides on one Jira instance within your Atlassian Cloud environment, serving as a single, unified interface that allows to manage your whole organization by using an Origanization API Key. This setup ensures centralized control while enabling flexible delegation.

Organization Admins

  • The highest permission level in Atlassian Cloud.

  • Manage the entire organization from admin.atlassian.com.

  • Only Organization Admins can assign or remove Organization Admin or Site Admin roles.

Site Admins

  • Administrators for a specific Atlassian site.

  • Manage users, groups, and apps for their site only, without access to global organization settings.

  • Can use the User Management and License Optimizer to manage their site’s users and licenses.

Product Admins

  • Administrators for a specific Atlassian product (e.g., Jira Software, Confluence).

  • Can configure product-level settings but normally cannot access global organization settings.

  • In the App Access Control settings of the User Management and License Optimizer, Organization Admins can choose to grant them app usage rights.

User Access Admins

  • Have permissions to manage user accounts and access settings across the organization.

  • Typically do not have product access themselves unless explicitly granted.

  • To use the User Management and License Optimizer, User Access Admins must also have Jira access, as the app runs inside Jira. Without Jira access, they cannot interact with the app interface.

Important Access Implication

When you grant Product Admins or User Access Admins access to the User Management and License Optimizer app, they receive full access to the entire organization within the app.

  • The app does not enforce the usual Atlassian role limitations.

  • These users will have unrestricted ability to view and modify all organization users, groups, bulk changes, and tasks.

  • Effectively, granting app access to these roles elevates them to an Organization Admin equivalent inside the app.

App Access Control in Practice

By default, only Organisation Admins can configure the app. However, using the App Access Control settings, Organization Admins can enable additional roles:

  • Allow Product Admins – Grants usage to all product admins with full organization access inside the app.

  • Allow User Access Admins – Grants usage to user access admins who also have Jira access, with full organization access inside the app.

This role-based approach allows centralized oversight by Organization Admins but must be assigned with caution, as any granted role gains unrestricted management capabilities across the entire organization.