Page Comparison

Info

Approved for Confluence Data Center Center Approved

OWASP Security Verified

Simple add-on to remove License for Inactive users and Deactivate or remove Security access groups for users who left organization.

Use Cases:

To Remove License for Confluence users who are Never Login or Not active.
To Deactivate or Remove License Access Security Groups for Confluence users who left company or Not exists in organization directory.
To restore license Or Grant Access on Successful Login attempt.
To Search inactive users certain number of days and export to CSV.
To Notify license alerts.

Features:

Supports to process Large enterprise users base.
All Atlassian provided user directories are supported.
Supports custom remote external Directories, to check user status either active or deactivated.
Option to choose multiple User Directories to process users.
Option to process users from specific groups.
Option to skip users from specific groups.
Option to rename Deactivated user to {username}_inactive_yyyyMMdd
Useful REST APIs
Also available for Cloud hosting:
- Manage Inactive Users for Jira & Confluence (Cloud)

Info
Top Users

Image Removed

Info
Top Trusted Users

BNP Paribas Bank Polska S.A.
Paytm Bank
OTP Bank
OCBC Bank
Autodesk
Thales
Expedia
Broadcom
Intel

Info
Quick Start Steps.

Here is Quick Start Steps to start using this plugin.

Status


colour	BlueGreen
title	step-1Use Case #1

Go to, System General Configuration > Click Manage Inactive Users.

Step-1A: Configure Skip users for inactivation or deactivation process.

Image Removed

Step-1B: Verify Admin user in App settings > Click update again to confirm.

Image Removed

Note. If your admin username is email prefix then please ensure this email address is not associated for other users.

StatuscolourBluetitlestep-2

Go to, System General Configuration > Click Manage Inactive Users

Info

title	Use Case 1 > --- To reduce the license count.

Configuration to Remove License or Access Security Groups for Confluence users who are Never Login or Not active.

Image Removed

Note:

User Directory Name: To process users for inactivation specific to these directories

Processing Group (Optional): It gives flexibility to process users for inactivation from specific group (e.g confluence-users).

For testing you can use the group with small number of users.
If empty it processes all users

Deactivate Users (Optional):

Set False to reduce license count.
Set False if user directory is read-only.

Remove Groups: Enter a comma separated license groups (e.g. confluence-users) to remove for inactive users.

Add Groups (Optional): To add those users inactive users e.g. confluence-inactive-users.

All Atlassian provided user directories are supported:

Supports license groups removal and helps to reduce license count.

For Deactivation: User Directory must have read + write permissions.

For Crowd Directory: Enable Read/Write access at crowd properties

Please see, Manage Inactive Confluence Users

Status


colour	Green
title	Use Case #2

Info

title	Use Case 2 > --- To deactivate users. (Optional)

Configuration to Deactivate and Remove Access Security Groups for Jira users who left company or Not exists in organization directory.

Image Removed

Note:

User Directory Name: To process users for inactivation specific to these directories
Processing Group (Optional): It gives flexibility to process users for inactivation from specific group (e.g confluence-users).
- For testing you can use the group with small number of users.
- If empty it processes all users
Deactivate Users:
- Set False to remove defined license / access groups for inactive users and reduces license count.
- Set False if user directory is read-only.
Remove Groups: Enter a comma separated license groups (e.g. confluence-users) to remove for inactive users.
Add Groups (Optional): To add those users inactive users e.g. confluence-deactivated-users.
All Atlassian provided user directories are supported:
- Supports license groups removal and helps to reduce license count.
- For Deactivation: User Directory must have read + write permissions.
- For Crowd Directory: Enable Read/Write access at crowd properties
For Internal Directory you need to consider using custom remote directory to validate user status.
In addition to default Atlassian Supported User Directories, it also Supports custom remote external Directories.

Step-2A (Optional)

For Manual runs:

Go to, On Demand Run > Click Never Login Users Clean

Go to, On Demand Run > Click Inactive Users Clean

Go to, On Demand Run > Click Former Users Clean

Validates user status either active or deactivated in Atlassian supported user directories or a custom remote user directories like Okta, Google G-Suite and Azure AD.

Please see, Manage Former X Confluence Users

Status


colour	Green
title	Use Case #3

Info

title	Use Case 3 --- Automatic license reclamation

To enable / grant Login access back to those inactive users automatically

:See

.

Please see, Confluence License reclamationImage Removed

StatuscolourBluetitlestep-4To

Status


colour	BlueGreen
title	step-3

Go to, System General Configuration > Scheduled Jobs

Default schedule for Automatic user de-activation.

Image Removed

Debug

Two ways to Debug Manage Inactive Users App :i.e.

>>> Through atlassian log file — atlassian-confluence.log

Go to, System General Configuration > Logging and profiling > Add New Entry.

Code Block
Class/Package Name: com.tse.confluence.deactivateusers.plugin Level: Debug

Click Add.>>> Through Audit log.

Go to, System General Configuration > Audit log.

Anchor

	customer1
	customer1

On Confluence restart, if any custom schedule settings are reverted to default but still schedule runs with default settings.

Workaround, you need to re-save the custom settings. See, https://jira.atlassian.com/browse/CONFSERVER-55455

Status

colour

Blue

title
Green

Hints

Known Confluence product bug:

Customer #1 Feedback

We use manage Inactive users plugin along side with Atlassian provided SAML / SSO Plugin for Overall Security as per InfoSec guideline.

To deactivate users who left company in Delegated User Directory.
To Clean up Inactive users who are not logged in last 90 days.
Grant license to Inactive users who comes back on successful attempt.

Atlassian provided SAML SSO plugin with Delegated LDAP / AD User Directory On login:

Helps us to create new users with default group.
Helps us to trigger groups synchronise from AD LDAP / Okta with custom prefix.

Anchor

	customer2
	customer2

Status


colour	Green
title	CUSTOMER #2 FEEDBACK

We used manage Inactive users plugin's REST API to migrate AD Users from Company X to Company Y.

From Connector User Directory to Delegated User Directory.

Step-1, We created New Delegated User Directory.

Step-2, Go to database update existing connector user directory users in cwd_user, membership and group tables with delegated directory ID

Step-3, Use manage Inactive users plugin's attribute update REST API to rename username and email addresses.

Status


colour	Green
title	CUSTOMER #3 FEEDBACK

We use Manage Inactive users plugin with Re:Solution SAML plugin.

To deactivate users who left company in Delegated User Directory.
To Clean up Inactive users who are not logged in last 90 days.
Re:Solution SAML plugin helps to provision / grant license on login.

Status


colour	Green
title	CUSTOMER #4 FEEDBACK

We use Manage Inactive users plugin with MiniOrange SAML plugin.

To deactivate users who left company in Delegated User Directory.
To Clean up Inactive users who are not logged in last 180 days.
MiniOrange SAML plugin helps to provision / grant license on login.

Please see, Common Asked Questions and Hints

Version	Old Version 55	New Version Current
Changes made by	ILA eSolution	ILA eSolution
Saved on	Jun 27, 2021	Aug 28, 2024

Versions Compared

Key