How to anonymize users from LDAP in Jira (Server and Data Center)
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When using external LDAP, such as Active Directory, users cannot be anonymized directly as they are managed externally.
Resolution
Because these users are managed externally, they must be modified externally. To anonymize such a user, the first step is to move the user out of the scope of the search string that Jira uses, or to delete the user in LDAP. Once this is done, the user is either deleted from Jira or left inactive (the latter happens when the user is a requestor or assignee, or has left comments in issues).
In the latter scenario, with the user now inactive, the anonymization can be performed using the regular procedure.
Example
The user "myuser" was created in LDAP and synchronized with Jira, some issues were assigned to it, and we then followed the above procedure to anonymize it.
User was created and sync'ed
Anonymization failed as expected
After removing the user in LDAP, as it is assignee of some issues, it was left inactive
Now the anonymization can be performed
And the entries will no longer indicate the previous user
Anonymize user via REST API
Users can also be anonymized via the REST API after they are removed from the external LDAP. The request requires the userKey as a request parameter.
The userKey can be found in the app_user table with the query below:
select * from app_user where lower_user_name like '%testuser%';
Request to validate user anonymization process
GET <BASE_URL>/rest/api/2/user/anonymization?userKey=JIRAUSER10100&expand=affectedEntities
Response
{
  "errors": {},
  "warnings": {},
  "expand": "affectedEntities",
  "userKey": "JIRAUSER10100",
  "userName": "testuser",
  "displayName": "testuser",
  "deleted": false,
  "email": "testuser@xyz.com",
  "success": true,
  "affectedEntities": {
    "ANONYMIZE": [
      {
        "type": "ANONYMIZE",
        "description": "Full name in issue history"
      },
      {
        "type": "ANONYMIZE",
        "description": "User Profile",
        "numberOfOccurrences": 1,
        "uriDisplayName": "User Profile",
        "uri": "<BASE_URL>/secure/ViewProfile.jspa?name=testuser"
      },
      {
        "type": "ANONYMIZE",
        "description": "Permission",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Person",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Issue",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Ability",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Stage",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Resource",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Team",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Saved View",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Program",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Skill",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Team",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Plan User Property",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Version",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Plan",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Person",
        "numberOfOccurrences": 0
      }
    ],
    "TRANSFER_OWNERSHIP": [
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Permission",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Plan",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Program",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Person",
        "numberOfOccurrences": 0
      }
    ]
  },
  "operations": [
    "USER_NAME_CHANGE",
    "USER_DISABLE",
    "USER_TRANSFER_OWNERSHIP_PLUGIN_POINTS",
    "USER_NAME_CHANGE_PLUGIN_POINTS",
    "USER_ANONYMIZE_PLUGIN_POINTS",
    "USER_EXTERNAL_ID_CHANGE"
  ],
  "businessLogicValidationFailed": false
}
Request to schedule a user anonymization process (allow some time for the process to complete):
POST <BASE_URL>/rest/api/2/user/anonymization?userKey=JIRAUSER10100&expand=affectedEntities
BODY:
{
  "userKey": "JIRAUSER10100",
  "newOwnerKey": "admin"
}
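The validate-then-schedule sequence above, as an added example that is not part of the original article: a pre-flight check over the validation response that gates the POST, which is only built here and never sent. The sample response is a constructed, trimmed copy of the one shown above; the function names and the policy of treating any warning as a blocker are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample: a trimmed copy of the validation response shown above.
SAMPLE_VALIDATION = json.loads("""
{"errors": {}, "warnings": {}, "userKey": "JIRAUSER10100", "success": true,
 "userName": "testuser", "deleted": false,
 "affectedEntities": {
   "ANONYMIZE": [
     {"type": "ANONYMIZE", "description": "Full name in issue history"},
     {"type": "ANONYMIZE", "description": "User Profile", "numberOfOccurrences": 1}],
   "TRANSFER_OWNERSHIP": [
     {"type": "TRANSFER_OWNERSHIP", "description": "Plan", "numberOfOccurrences": 0}]},
 "businessLogicValidationFailed": false}
""")

def preflight(validation, expected_user_key):
    """Return reasons not to schedule the anonymization (empty list = proceed)."""
    blockers = []
    if validation.get("userKey") != expected_user_key:
        blockers.append("response is for a different userKey")
    if validation.get("success") is not True:
        blockers.append("success is not true")
    if validation.get("businessLogicValidationFailed"):
        blockers.append("businessLogicValidationFailed is true")
    for field in ("errors", "warnings"):  # blocking on warnings is this example's policy
        if validation.get(field):
            blockers.append(f"{field}: {validation[field]}")
    return blockers

def affected_summary(validation):
    """Map 'TYPE/description' to its count for entities with occurrences > 0."""
    counts = {}
    for kind, entries in validation.get("affectedEntities", {}).items():
        for entry in entries:
            if entry.get("numberOfOccurrences", 0) > 0:
                counts[f"{kind}/{entry['description']}"] = entry["numberOfOccurrences"]
    return counts

def build_schedule_request(base_url, user_key, new_owner_key):
    """Build, but do not send, the POST from the article (no auth header added here)."""
    query = urllib.parse.urlencode({"userKey": user_key, "expand": "affectedEntities"})
    body = json.dumps({"userKey": user_key, "newOwnerKey": new_owner_key}).encode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/rest/api/2/user/anonymization?{query}",
        data=body, method="POST", headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    print(preflight(SAMPLE_VALIDATION, "JIRAUSER10100"), affected_summary(SAMPLE_VALIDATION))
```

Keeping the summary from the validation step alongside the change record gives a before-state to compare against once the scheduled process has completed.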
Same applies to comment. Only users that left comments in issues are kept as inactive.