Performing Bulk Operations

This guide covers the essential knowledge for performing bulk operations in User Management & License Optimizer, focusing on how each operation works and what you need to know to use them effectively.

Remove App Access

Remove users' access to specific Atlassian applications while maintaining their accounts and non-product group memberships.

How It Works

The Remove App Access operation:

• Removes users from application-specific access groups automatically

• Immediately revokes access to selected applications

• Preserves user accounts, data, and non-product groups

• Updates billing automatically at the next cycle

• Allows selective removal (specific apps) or complete removal (all apps)

Configuration Options

Option A: Specific Applications

1. Select "Removes user access to specific applications"

2. App tiles appear showing available applications

3. Click on app tiles to select them (blue checkmark appears)

4. Each tile shows the app icon, name, and site it belongs to

Option B: All Applications

1. Select "Select All" option

2. Removes access from every application across all sites

3. Use with caution - this is complete access removal

Impact and Effects

Immediate Effects:

• Users lose access within seconds to minutes

• Cannot log into removed applications

• Receive "access denied" messages when attempting access

• Automatically removed from app-specific access groups

Billing and License Impact:

• License count decreases immediately in your organization

• Billing adjustments occur at the next billing cycle

• Cost savings visible in organization admin dashboard

Data Preservation:

• All user-created content remains intact (issues, pages, comments)

• Content attribution preserved

• Historical data and audit logs maintained

Multi-Site Behavior

When working with multiple sites:

• Each app tile shows which site it belongs to

• Users may have the same product on multiple sites

• Can remove from specific sites while maintaining others

• Site-specific groups are handled automatically

Example: Remove production access but maintain staging

• Select only production site applications: Jira Software (Production)

• Leave staging applications unchecked: Jira Software (Staging)

• Result: Users retain staging access while losing production access

Suspend User

Temporarily suspend user accounts from accessing any Atlassian services while preserving all account data and settings.

How It Works

Suspension is a comprehensive security action that:

• Disables account access entirely across all Atlassian services

• Affects all sites and applications immediately

• Preserves account data, settings, and group memberships

• Requires administrative reactivation to restore access

• Cannot be applied to Organization Administrators (automatic protection)

Suspension Process

1. Select users in the User Browser

2. Open Bulk Operations modal

3. Check "Suspend User" checkbox

4. Review warnings about reactivation requirements

5. Note admin exclusion warning (org admins automatically protected)

6. Click Apply to execute

Post-Suspension Effects

• Users appear as "Suspended" in User Browser

• Cannot authenticate to any Atlassian service

• API tokens and OAuth tokens are invalidated

• Active sessions terminated across all sites

• Group memberships preserved for future reactivation

Suspension vs. App Access Removal

Security Features

Automatic Admin Protection:

• Organization administrators cannot be suspended

• Prevents accidental administrative lockouts

• Cannot be overridden

• Protected users identified in operation results

Immediate Security Effects:

• Active sessions terminate across all sites immediately

• API access revoked - all tokens invalidated

• OAuth connections severed

• Multi-factor authentication settings preserved for reactivation

Reactivation Requirements

Current Process (Bulk reactivation not yet available):

1. Navigate to admin.atlassian.com

2. Go to Directory > Users

3. Find and select the suspended user

4. Click reactivation option and confirm

5. User regains all previous access and group memberships

Group Management

Add or remove multiple users from groups to manage permissions, access, and organizational structure.

Understanding Group Types

Product Access Groups:

• Format: {product}-users-{sitename}

• Examples: jira-software-users-main, confluence-users-documentation

• Control application access

• Automatically managed during app access operations

Custom Groups:

• Created by administrators for organizational needs

• Examples: engineering-team, external-contractors, project-alpha-team

• Used for project access, departments, or role-based permissions

• Full administrative control over membership

System Groups:

• Reserved groups with special functions

• Examples: site-admins, system-administrators

• Connected to administrative privileges

• Exercise caution when modifying

Add to Groups

Process

1. In Bulk Operations modal, check "Add to Groups"

2. Use dropdown to search for and select groups

3. Select multiple groups as needed

4. Review selections and apply

Key Considerations

• Check existing memberships to avoid redundancy

• Understand what permissions each group grants

• Review license implications of group membership

• Consider interactions between different groups

Remove from Groups

Process

1. In Bulk Operations modal, check "Remove from Groups"

2. Search for and select groups to remove users from

3. Select multiple groups if needed

4. Verify selections and apply

Critical Considerations

Permission Dependencies:

• Some groups may be prerequisites for others

• Removal might affect access to multiple systems

• Administrative groups have cascading effects

High-Risk Groups:

• Administrative and privileged access groups

• Single sign-on or authentication groups

• MFA enforcement and security groups

Multi-Site Group Behavior

Site-Scoped Groups:

• Associated with specific sites

• Examples: jira-software-users-production, site-admins-documentation

• Grant access to applications on specific sites only

Organization-Wide Groups:

• Span across all sites

• Examples: engineering-team, senior-developers

• Used for global policies and cross-site collaboration

Combining Operations

Execution Order

1. First selected checkbox executes first

2. Subsequent checkboxes follow in selection order

3. System processes each operation completely before starting the next

Changing Order

To modify execution sequence:

1. Deselect all checkboxes to reset

2. Re-select checkboxes in desired order

3. New sequence will be applied

Strategic Sequencing

Clean Transition (Moving users between teams):

1. First: Add to new groups (grants new access)

2. Then: Remove from old groups (removes old access)

3. Result: No access gaps during transition

Security Reduction (Reducing privileges):

1. First: Remove from privileged groups (reduces risk immediately)

2. Then: Add to restricted groups (applies limitations)

3. Result: Immediate security improvement

Results and Monitoring

Accessing Results

After operation completion:

1. Click "Show Bulk Results" button

2. View summary table with recent operations

3. Click individual operations for detailed results

4. Download detailed logs if needed

Understanding Results

Summary Information:

• Status: SUCCESS, FAILED, or PARTIAL

• Updated Users: Count of users affected

• Started By: Administrator who executed

Detailed Results Analysis

User Processing Statistics:

• Users Failed: Count where operation couldn't be completed

• Users Deactivated: Successfully suspended user count

• Users Removed from App Access: Count by application

• Users Removed from Groups: Group removal count

• Users Added to Groups: Group addition count

Show Details:

• JSON-formatted complete operation log

• Individual user processing results

• Specific error messages for failures

• API response codes and timing data

• Granular success/failure breakdown

Multi-Site Results

Results provide site-specific information:

Security Protections

Administrator Protection

• Organization administrators automatically excluded from all operations

• Prevents accidental administrative lockouts

• Cannot be overridden through any interface

• Protected users identified in operation results

Audit Trail

All bulk operations create permanent records:

• Complete operation details with timestamps

• Individual user processing results

• Administrator attribution and IP tracking

• Available for compliance and audit purposes

Important Limitations

Manual Sync Dependency

• Bulk operations work on data in User Management & License Optimizer database

• Recent changes in admin.atlassian.com may not be reflected

• Manual sync recommended before operations for accuracy

SCIM and Identity Provider Considerations

• SCIM-managed groups cannot be modified manually

• Identity provider may reverse manual changes

• Coordinate with identity management team for SCIM environments

Organization Admin Restrictions

• Org admins cannot be suspended or have access removed

• Automatic protection prevents administrative lockouts

• Plan alternative approaches for org admin management

Related Topics

• User Browser - Learn how to search, filter, and select users for bulk operations

• Automated Tasks - Set up recurring bulk operations on a schedule

• Sync Functionality - Understand when and how to sync data before bulk operations

• Organizations and Sites - Multi-site concepts and management

• Groups & Access Control - Understanding Atlassian group types and permissions

• Settings - Configure organization settings and access controls

• Best Practises & Troubleshooting - Best practises, scenarios, and general troubleshooting guidance