Manage your organization’s Atlassian accounts
Gain control over your employee's Atlassian accounts.
Troubleshoot issues related to managing groups
When a user is granted access to a cloud product, they are automatically placed into a default access group. For example, a user is invited toJira Software and then gets placed in the group jira-users-<site-name>. Each product has at least one default group, and it’s possible for a default group to give access to more than one product.
Depending on how your organization has set up groups in admin.atlassian.com, a user access admin may find it difficult to perform the actions associated with their role.
These are the main issues you might encounter as a user access admin managing groups.
You can’t configure a default group
Only organization admins have the ability to configure default groups. This means a user access admin can’t make groups default, or remove a group’s default status.
How to resolve this issue
If you are a user access admin who needs to configure a default group, you’ll need to reach out to your organization admin who can do this on your behalf.
You can’t grant product access to a user
User access admins can only grant users access to products they administer. A user access admin won’t be able to grant access to a product if the product’s default group gives access to other products they don’t administer.
For example, let’s say the default group for Jira Software also gives access to Confluence. If you are a user access admin for Jira Software, you won’t be able to grant users access to Jira Software unless you are also a user access admin for Confluence. This is because the default group for Jira Software also gives access to Confluence, a product you don’t administer.
How to resolve this issue
If you are a user access admin experiencing this issue, reach out to your organization admin. An organization admin can either edit the default group for that product or make you a user access admin for the additional products within the default group.
You can’t remove product access from a user
As mentioned before, a user is automatically placed into a default group when they’re granted access to a cloud product. Depending on how an organization is configured, it’s possible for a user to be placed into multiple groups that provide access to the same product.
For example, a user might be in the default group (Group 1) for Jira Software as well as another group (Group 2) that also gives access to Jira Software and Confluence. A user access admin wouldn’t be able to remove product access to Jira Software from this particular user, because they are also in a group that gives access to Confluence, a product the user access admin doesn’t administer.
How to resolve this issue
The only way to resolve this issue as a user access admin is to remove Jira Software access from Group 2. Once this has been removed, the user will only have access to Jira Software via the default group which you are able to update. However, doing this will completely remove access for any Group 2 users without an alternate group that grants access to Jira Software.
Otherwise, you can reach out to your organization admin. An organization admin can either remove product access for a user themselves or make you a user access admin for the additional products within the default group.
You can’t remove product access from a provisioned user
User provisioning connects your identity provider with your Atlassian organization through System for Cross-domain Identity Management (SCIM). When you make updates in your identity provider, the users and groups in your Atlassian organization will also be automatically updated.
After an organization admin connects your identity provider to your Atlassian organization, all provisioned users are automatically added to a group.
Learn more about user provisioning
A user access admin may encounter an issue when trying to remove product access from a provisioned user if their SCIM group grants access to that product.
For example, an organization admin has connected Google Workspace to your Atlassian organization. All users within Google Workspace are placed into the same SCIM group which sits within your Atlassian organization.
You’re a user access admin for Jira Software and you grant the SCIM group access to Jira Software. You then need to remove access to Jira Software for one user within the SCIM group.
In order to remove product access for the user, you’ll need to be able to remove them from all groups that grant access to Jira Software. Because SCIM groups are read-only groups, you can’t remove the user from the SCIM group that grants access to Jira Software. This means you won’t be able to remove access to Jira Software for that user because they are part of a SCIM group.
How to resolve this issue
If you are a user access admin experiencing this issue, reach out to your organization admin. An organization admin can use your identity provider to remove a user from the SCIM group. You’ll then be able to add the user to the default group for Jira Software.
Was this helpful?