Versions Compared

Version Old Version 57 New Version Current
Changes made by

ILA eSolution

ILA eSolution

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info

Approved for Confluence Data Center (tick)Center Approved (tick)

OWASP Security Verified (tick) 


Simple add-on to remove License for Inactive users and Deactivate or remove Security access groups for users who left organization.

Use Cases:

  • To Remove License for Confluence users who are Never Login or Not active.
  • To Deactivate or Remove License Access Security Groups for Confluence users who left company or Not exists in organization directory.
  • To restore license Or Grant Access on Successful Login attempt.
  • To Search inactive users certain number of days and export to CSV.
  • To Notify license alerts.

Features:

  • Supports to process Large enterprise users base.
  • All Atlassian provided user directories are supported.
  • Supports custom remote external Directories, to check user status either active or deactivated.
  • Option to choose multiple User Directories to process users.
  • Option to process users from specific groups.
  • Option to skip users from specific groups.
  • Option to rename Deactivated user to {username}_inactive_yyyyMMdd
  • Useful REST APIs
  • Also available for Cloud hosting:
Info

Top Users



Image Removed  Image Removed Image Removed Image Removed Image Removed
Info

Top Trusted Users

  • BNP Paribas Bank Polska S.A.
  • Paytm Bank
  • OTP Bank
  • OCBC Bank
  • Autodesk
  • Thales
  • Expedia
  • Broadcom
  • Intel


Info

Quick Start Steps.

Here is Quick Start Steps to start using this plugin. StatuscolourBluetitlestep-1

Go to, System General Configuration > Click Manage Inactive Users.

Step-1A: Configure Skip users for inactivation or deactivation process.

Image Removed

Step-1B: Verify Admin user in App settings > Click update again to confirm.

Image Removed

Note. If your admin username is email prefix then please ensure this email address is not associated for other users.


Status
colourGreen
titlestep-2Use Case #1

Go to, System General Configuration > Click Manage Inactive Users

Info
titleUse Case 1 > --- To reduce the license count.

Configuration to Remove License or Access Security Groups for Confluence users who are Never Login or Not active.

Please see, Manage Inactive Confluence Users


Status
colourGreen
titleUse Case #2

Info
titleUse Case 2 > --- To deactivate users. (Optional)

Configuration to Deactivate and Remove Access Security Groups for Jira users who left company or Not exists in organization directory.

It validates user status in remote user directory.

Image Removed

Note:

  • User Directory Name: To process users for inactivation specific to these directories
  • Processing Group (Optional): It gives flexibility to process users for inactivation from specific group (e.g confluence-users).
    • For testing you can use the group with small number of users.
    • If empty it processes all users
  • Deactivate Users:
    • Set False to remove defined license / access groups for inactive users and reduces license count.
    • Set False if user directory is read-only.
  • Remove Groups: Enter a comma separated license groups (e.g. confluence-users) to remove for inactive users.
  • Add Groups (Optional): To add those users inactive users e.g. confluence-deactivated-users.
  • All Atlassian provided user directories are supported:
    • Supports license groups removal and helps to reduce license count.
    • For Deactivation: User Directory must have read + write permissions.
    • For Crowd Directory: Enable Read/Write access at crowd properties
  • For Internal Directory you need to consider using custom remote directory to validate user status.
  • In addition to default Atlassian Supported User Directories, it also Supports custom remote external Directories.

Step-2A (Optional)

For Manual runs:
  • Go to, On Demand Run > Click Never Login Users Clean
  • Go to, On Demand Run > Click Inactive Users Clean
    • Go to, On Demand Run > Click Former Users Clean
    • Validates user status either active or deactivated in Atlassian supported user directories or a custom remote user directories like Okta, Google G-Suite and Azure AD.

    Please see, Manage Former X Confluence Users


    Status
    colourGreen
    titleUse Case #3

    Info
    titleUse Case 3 --- Automatic license reclamation

    To enable / grant Login access back to those inactive users automatically

    :See 

    .

    Please see, Confluence License reclamation

    Image Removed



    StatuscolourBluetitlestep-4To

    Status
    colourBlueGreen
    titlestep-3

    Go to, System General Configuration > Scheduled Jobs

    Default schedule for Automatic user de-activation.

    Image Removed

    Debug

    Two ways to Debug Manage Inactive Users App :i.e.

    >>> Through atlassian log file — atlassian-confluence.log

    Go to, System General Configuration > Logging and profiling > Add New Entry.

    Code Block
    Class/Package Name: com.tse.confluence.deactivateusers.plugin
Level: Debug

    Click Add.

    >>> Through Audit log.

    Go to, System General Configuration > Audit log.

    Anchor
    customer1
    customer1




    Status
    colour
    Blue
    Green
    title
    Hints

    Known Confluence product bug:
  • On Confluence restart, if any custom schedule settings are reverted to default but still schedule runs with default settings.
    • Workaround, you need to re-save the custom settings. See, https://jira.atlassian.com/browse/CONFSERVER-55455

    Customer #1 Feedback

    We use manage Inactive users plugin along side with Atlassian provided SAML / SSO Plugin for Overall Security as per InfoSec guideline.

    • To deactivate users who left company in Delegated User Directory.
    • To Clean up Inactive users who are not logged in last 90 days.
    • Grant license to Inactive users who comes back on successful attempt.

    Atlassian provided SAML SSO plugin with Delegated LDAP / AD User Directory On login:

    • Helps us to create new users with default group.
    • Helps us to trigger groups synchronise from AD LDAP / Okta with custom prefix.

    Anchor
    customer2
    customer2



    Status
    colourGreen
    titleCUSTOMER #2 FEEDBACK

    We used manage Inactive users plugin's REST API to migrate AD Users from Company X to Company Y.

    From Connector User Directory to Delegated User Directory.

    Step-1, We created New Delegated User Directory.

    Step-2, Go to database update existing connector user directory users in cwd_user, membership and group tables with delegated directory ID

    Step-3, Use manage Inactive users plugin's attribute update REST API to rename username and email addresses.



    Status
    colourGreen
    titleCUSTOMER #3 FEEDBACK

    We use Manage Inactive users plugin with Re:Solution SAML plugin.

    • To deactivate users who left company in Delegated User Directory.
    • To Clean up Inactive users who are not logged in last 90 days.
    • Re:Solution SAML plugin helps to provision / grant license on login.


    Status
    colourGreen
    titleCUSTOMER #4 FEEDBACK

    We use Manage Inactive users plugin with MiniOrange SAML plugin.

    • To deactivate users who left company in Delegated User Directory.
    • To Clean up Inactive users who are not logged in last 180 days.
    • MiniOrange SAML plugin helps to provision / grant license on login.


    Please see, Common Asked Questions and Hints