User Deactivator Documentation Current: Administrator Guide Administrator Guide Where To FindJiraNavigate to the User management section and click on User Deactivator:ConfluenceIn the administration section, scroll down to USERS & SECURITY and click on User Deactivator: BitbucketClick on the Admin cog wheel icon in the upper right corner and the select User Deactivator from either the Accounts section in the left panel or the overview page itself:Bulk User OperationsFiltering UsersChange multiple filter settings (1) to retrieve users (3) you want to deactivate, reactivate or remove from groups.These filters are:Time Since Last ActivityActivity StatusIn GroupNot In GroupApplication AccessSearch in Full Name, Username and EmailCached ResultsWith version 4.3.0 we've introduced a select box to disable the result cache (2), if required. If you are working in an instance with constant changes to user records, you might want to disable the cache.Example: a user gets removed from a group while you are filtering for users in that group. Only with the cache disabled, the user would disappear from the result list, when running the filter again.If the result cache is enabled and a user has been deleted or renamed in the meantime, you'll see a text instead of the username:Directory ModeSince version 4.2.0 you will also see a color assigned to the directory the user is located in. If it's red, the directory is in read-only mode and you won't be able to deactivate these users.Usually only removing users from groups will still work then, but only, if the group is not already assigned to the user in the directory.An example would be a Microsoft Active Directory in Read Only, with Local Groups mode which you've configured so that a group is assigned to the user on first login. That group could then be removed from the user.The below screenshot depicts a Microsoft Active Directory in that mode where the jira-software-users group is assigned locally to the users if they first login:Per-User ActionsAlso since version 4.2.0 you can nowEditDisable/ DeactivateDeleteusers from the Actions column in the result list on the Bulk User Operations result list:For bulk operations, proceed as described below.Select Users to be ModifiedClick the checkboxes of the users you want to bulk operate on and click on Choose Bulk ActionYou can also use the Select All button to select all the users matching your filter criteria.Choose Bulk OperationPick one of the bulk user operation types and click on Next Since version 4.1.0 you may now override the default protection to not deactivate/ remove from groups ifthe user is a component- or project lead of a project in Jirathe user is a space admin in Confluencethe user is a repository- or project admin in BitbucketJust check the box "Force destructive operations" before performing the bulk action. Confirm your ChoiceConfirm your selection, you'll see a summary of the operation to be executed:Wait for the operation to completeReviewing the ResultThe result screen will show a summary of the operation again.Unsuccessful Login AttemptsVersion 4.2.0 introduces new functionality which allows you to see inactive users who have tried to login again. This will allow admins to get a better overview of whom they might want to reactivate again. The tab contains all the functionality from the Bulk User Operations tab, you can refine the filter, perform single user actions or bulk operations in the same way.Automatic User DeactivationUser Deactivator can be configured to automatically deactivate users or remove them from groups instead. To configure a rule for automatic deactivation, click on the "Automatic User Deactivation" tab.After automatic user deactivation is enabled, User Deactivator will execute the rule 30 seconds after automatic deactivation is enabled or edited and saved again. The rule will then be scheduled to run every 24 hour from that time. Configure automatic deactivationConfigure a rule that instructs User Deactivator to automatically deactivate users not active for a period of time, for example 1 year. User Deactivator will then check for active users every 24 hours. If the last activity date of a user is one year old or more, the user will be deactivated.Since version 2.1.x (Jira 7) and 3.1.x (Jira 8), the following changes and features have been introduced:Email Address for receiving a report about the users modified during auto-deactivation has become optionalif none was provided, no summary report will be emailedif User Deactivation Mode has been set to "Remove Users from Groups" and one or more group names have been selected, users will be removed from these groups instead of being deactivatedthis feature is specifically intended for users who manage users of i.e. Confluence via their Jira directoryyou could remove users from all groups starting with "jira" and "confluence" and would revoke their access for both Atlassian platforms that waythis would then also save Confluence licensesplease be aware of this being a specific setup of Jira/ Confluence with Crowd, it does not automatically apply for all Jira and Confluence installationsselect one or more group names who's members would be excluded from deactivation or group removal exclude groups overrules the "Groups to remove", should you (accidentally) provide the same group names in bothA user cannot be automatically deactivated or removed if:the user is a system administrator or administrator Since version 4.1.0 you may now override the default protection to not deactivate/ remove from groups if the user is a component- or project lead of a project in Jirathe user is a space admin in Confluencethe user is a repository- or project admin in BitbucketJust check the box "Force destructive operations" before the Reporting section in the automatic deactivation Expiration email to usersIf you select an option other than "Don't send Email" under the "Days before sending expiration email to users" option, users will receive a notification from 1-14 days prior deactivation or group removal, so that can login again, preventing that.With "Don't send Email" selected, they would be deactivated on the next scheduled run, which occurs 30 seconds aftersaving the rule, then again 24 hours later, for users matching the criteria configured.The emails looks like below:Warning about being removed from groupsWarning about being deactivatedEmail report of automatically deactivated usersIf one or more users are automatically deactivated or removed from groups, an email report will be sent to the email address specified in the reporting section:The summary email looks as follows:In case some users couldn't be deactivated because of an unexpected error, a second table in the report will indicate this.Microsoft Active DirectoryUser Deactivator for Jira works as follows with different configurations of Microsoft Active Directory.Jira configurationFunctionRead OnlyIf an attempt to deactivate a user in a read-only Active Directory, an error message Cannot edit user, as the user's directory is read only will appear. The user cannot be deactivated. Read Only with Local GroupsIf an attempt to deactivate a user in a read-only Active Directory, an error message Cannot edit user, as the user's directory is read only will appear. The user cannot be deactivated. Read/WriteA user residing in a read/write Active Directory can be deactivated SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.