Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
License Optimizer Admin Guide
License Optimizer functionality is currently only available in the Jira and Confluence versions of the app.
If you are using version 4.6.0 or newer, open the User Deactivator admin UI as explained here.
The first configuration tab contains its settings and a wizard to complete the configuration:
Concept Of License Optimization
To get familiar with the concept of license optimization we suggest watching the video below
License Optimizer basically adds and removes users from the group providing application access based on their activity in Jira or Confluence.
If users are not actively using the user interface for the inactivity period defined, they are removed from the group and once they get active again are added to it.
The same will happen during login or after logout.
If you are using Single Sign-On or another app to log in users to Jira or Confluence, please also read here.
It would be best if you made some adjustments to ensure that users are added to the right groups during login.
Please read below which groups these are – that depends on your configuration.
Configuration
Select Application
For each Jira application (Jira Service Management, Jira Software and Jira Core), there is a dedicated configuration. For Confluence, there is just one.
You can either use the wizard for each of these or configure it directly, once you are familiar with the settings.
To start the configuration, enable it for the application first:
Allowed Users Group
License Optimizer needs to know which group the users who are subject to optimization are members of.
This is usually the group providing application access by default:
- jira-servicedesk-users for Jira Service Management
- jira-software-users for Jira Software
- jira-core-users for Jira Core
- confluence-users for Confluence
If you are using a different group already, you should use this one instead.
You could also create a new one but this would only really make sense if you don't want to optimize licenses for everybody.
The optimizer doesn't make any changes to that group, it is only using it to determine if a user should have access or not.
Assign the group to the Allowed Users Group field in the configuration:
License Group
We recommend creating a new group for this. You can also choose an existing group,
but remember that we will add and remove users to it as needed, so it should be dedicated to our use.
The wizard offers to create this group for you, it will add the term licensed- to the Atlassian default name.
- jira-servicedesk-licensed-users for Jira Service Management
- jira-software-licensed-users for Jira Software
- jira-core-licensed-users for Jira Core
- confluence-licensed-users for Confluence
If you are not using the wizard, create the group yourself or select an existing one.
Assign it to the License Group field in the configuration:
The warning about that group not having application access we'll take care of in the next configuration step.
Adding Application Access To New Group
You need to grant application access to the new group.
Jira
Open the https://your-jira-base-url/secure/admin/ApplicationAccess.jspa Application Access page and add the group to the application you want to optimize licenses for.
Add the group to the application:
Also, check the default box (you can leave the other settings as is):
Confluence
Open the https://your-confluence-base-url/admin/permissions/globalpermissions.action Global Permissions page:
Click on Edit Permissions first:
Add the group to Licensed Users/ Groups:
Check the same boxes as for the confluence-users group to provide the same permissions:
Inactivity Period
The default setting is more than 1 hour but you could also select shorter periods. The shorter the period, the more aggressive you are in saving licenses.
It is however a trade-off with some CPU & Database load that you are adding.
License Buffer
This setting is only visible in Datacenter environments.
License Optimizer is running on each node of your Datacenter setup.
When there is a lot of concurrent activity, it is a good idea to reserve a few licenses to prevent exceeding the maximum license count due to race conditions.
Activate Settings
If you did all of the above, you can already enable License Optimizer for the application and press Save.
Removing application access from the old group
The only thing left to do now is to remove application access from the old group
Jira
Open the https://your-jira-base-url/secure/admin/ApplicationAccess.jspa Application Access page again and remove the group from it:
Confluence
Open the https://your-confluence-base-url/admin/permissions/globalpermissions.action Global Permissions page again.
Click on Edit Permissions first and uncheck all boxes for each permission of the old group:
Click Save All at the bottom of the page. This will also remove the old group from the list of Licensed Users/ Groups.
Considerations
Scalability
The License Optimizer feature has been tested with the Atlassian Datacenter Testing Framework and 3000 to 4000 concurrent users in Jira- and Confluence.
Service And Automation User Accounts
We usually recommend not including service accounts (used for automation and scripting with the REST API) in the "Allowed Users Group" and always assigning a license to these accounts instead.
It depends a bit on how much you can adjust the scripts used by these accounts. We've seen some REST request results where retrying the operation was required, something you can not always control yourself.
License Buffer
In the Datacenter version of the app, there is an additional license buffer size field that defaults to 5.
This is to avoid problems due to race conditions (many people becoming active again at the same and exact time) and to prevent the total amount of licenses used is exceeded.
Should you ever run into a situation like that you might need to increase the buffer size. In an ideal scenario, a lower buffer size might suffice.