Bulk disable/remove inactive users in Jira Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Eventually, Users are no longer active in Jira and have to be disabled manually by Jira Admins to either release license slots or for company standards.

The current process of disabling users can be tedious and time-consuming, as you have to manually set the users as inactive in the UI.

There are a few methods to bulk disable users.

Solution

Before you begin:

You can only change the active status of Internal Users or users coming from a Delegates Directory (Internal with LDAP Authentication). The user status of external users coming from Active Directory or LDAP directory must be managed on the LDAP side and synchronized to Jira.

If you have a Delegated Directory, you have to edit the directory settings and uncheck the option Copy user on Login; this will allow Jira to update the user status locally. This setting can be enabled after disabling the users you need to disable.

1. Rest API:

Since Jira 8.3, we implemented the Rest API endpoint to disable users: api/2/user

Sending a PUT to this endpoint can disable users in bulk. For example, sending a PUT with the following request body can disable two users:

https://jira.base.url/jira/rest/api/2/user?username=test1&username=test2&active=false

{
  "name": "test1",
  "active": false
}

{
  "name": "test2",
  "active": false
}

Bash command line:

You can interact with this endpoint using a pre-defined user list from the bash command line, which makes the usage of this endpoint more dynamic for bulk disabling users:

Requirements:

You must have a list of users in a .txt file.
Usernames from this list must be line-separated and must be the exact same username from the cwd_user table.
These users must be either internal users or from a Delegated directory.
The delegated directory must be edited, and the option Copy user on Login unchecked.
You must execute the command from the bash command line from the same path as the .txt file is located.

Using Basic Auth

xargs -I {} curl -v -D- -u jiraadmin:password -X PUT --data '{"username": "{}", "active": false }'  -H "Content-Type: application/json" https://jira.baseurl/rest/api/2/user?username={} < data.txt

Using a PAT

xargs -I {} curl -k -v -H "Authorization: Bearer <Token>" -X PUT --data '{"username": "{}", "active": false }'  -H "Content-Type: application/json" https://jira.baseurl/rest/api/2/user?username={} < data.txt

ℹ️ The command above will set all users within the data.txt text file as inactive.

NOTE: You may encounter the error"curl: (3) Illegal characters found in URL." This could be caused by the source .txt file being generated on a different OS than the one currently running the command. If that's the case, you can fix it by creating a new text file and copying its contents locally.

Example of the .txt format:

users.txt

test1
test2
test3
test4
test5

2. Database:

Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

Setting the 'active' column in the cwd_user table to false allows you to change the database column and bulk disable users.

update cwd_user set active = 0 where lower_user_name in ('psouza', 'winston' .....)

ℹ️ This will disable all usernames within the where clause. Make sure to check the exact usernames you want to disable in the cwd_user table

ℹ️ For the update statement to take effect, you will need to restart your Jira instance.

3. Remove user membership from Application Access groups:

This method is recommended when you have users coming from an external directory that must be disabled in Jira, but you don't have access to the LDAP side, or users must continue to be active in the LDAP.

You can proceed to remove all the groups providing Application Access to these users; this will set the user as Inactive in Jira since the user no longer has access to the application.

You can bulk remove users' membership by navigating to Administration (⚙) > User management > Groups and editing the members of the groups providing application access.

You can also send a DELETE to the endpoint api/2/group to bulk delete the membership of the groups.

4. Third-Party Apps

This list is not exhaustive, but it does give you an idea of what is available. Click on the app name to go to their Marketplace listing.

Bulk user delete for Jira - This has the option to upload and delete users via a CSV file.
Scriptrunner - a third-party app that allows for scripting within Jira. You may wish to reference our Community article How do you bulk delete or deactivate users.

Additional resources

ℹ️ Please note that Atlassian does not have control over the function of 3rd party apps. There may be changes to those listed, or newer apps available that may suit your needs.

You may also want to vote and comment on our feature requests for this topic: JRASERVER-8047 - Bulk delete users

Updated on June 12, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support