Bulk Disable Jira Users
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Eventually, Users are no longer active in Jira and have to be disabled manually by Jira Admins to either release license slots or for company standards.
The current process to disable users can be tedious and time-demanding since you have to manually set the users as inactive in the UI.
There are a few methods to bulk disable users:
Solution
Before you begin:
You can only change the active status of Internal Users or users coming from a Delegated Directory (Internal with LDAP Authentication). User status of external users coming from Active Directory or LDAP directory must be managed on the LDAP side and synchronized over to Jira.
If you have a Delegated Directory, you have to edit the directory settings and uncheck the option Copy user on Login, this will allow Jira to update the user status locally. This setting can be enabled after disabling the users you need to disable.
1. Rest API:
Since Jira 8.3 we implemented the Rest API endpoint to disable users api/2/user: JRASERVER-44801 - JIRA API disabling users
Sending a PUT to this endpoint can disable users in bulk, Eg sending a PUT with the following request body below can disable two users: https://jira.base.url/jira/rest/api/2/user?username=test1&username=test2&active=false
1
2
3
4
5
6
7
8
9
{
"name": "test1",
"active": false
}
{
"name": "test2",
"active": false
}Bash command line:
You can interact with this endpoint using a pre-defined user list from the bash command line, this makes the usage of this endpoint more dynamic to bulk disabling users:
Requirements:
You must have a list of users in a .txt file;
Usernames from this list must be line separated and must be exact same username from cwd_user table.
These users must be either internal users or from a Delegated directory;
The delegated directory must be edited, and uncheck the option Copy user on Login
You must execute the command from bash command line from the same path the .txt file is located.
Using Basic Auth
1
xargs -I {} curl -v -D- -u jiraadmin:password -X PUT --data '{"username": "{}", "active": false }' -H "Content-Type: application/json" https://jira.baseurl/rest/api/2/user?username={} < data.txtUsing a PAT
1
xargs -I {} curl -k -v -H "Authorization: Bearer <Token>" -X PUT --data '{"username": "{}", "active": false }' -H "Content-Type: application/json" https://jira.baseurl/rest/api/2/user?username={} < data.txtℹ️ The command above will be setting all users within the data.txt text file as inactive.
NOTE: You may encounter the error "curl: (3) Illegal characters found in URL", this could be caused by the source .txt file being generated on a different OS than the one currently running the command, if that's the case, it can be fixed by creating a new text file and copying the contents locally.
Example of the .txt format:
users.txt
1
2
3
4
5
test1
test2
test3
test4
test52. Database:
It is possible to change the database column and bulk disable users setting the 'active' column from the cwd_user table to false.
1
update cwd_user set active = 0 where lower_user_name in ('psouza', 'winston' .....)ℹ️
This will be disabling all usernames within the where clause, make sure to check the exact usernames you want to disable in the cwd_user table
ℹ️The update statement will only take effect restarting the application after performing the database change.
3. Remove user membership from Application Access groups:
This method is recommended when you have users coming from an external directory that must be disabled in Jira, but you don't have access to the LDAP side or users must continue active in the LDAP.
You can proceed to remove all the groups providing Application Access to these users, this will set the user as Inactive in Jira side since the user no longer have access to the application.
You can bulk remove users' membership by browsing to the https://jira.base.url/jira/secure/admin/user/GroupBrowser.jspa and edit the members of the groups providing application access.
You can also send a DELETE to the endpoint api/2/group to bulk delete the membership of the groups.
Was this helpful?