UPDATE: This method was deprecated by Atlassian as of Jan 2020. If your organization uses Atlassian Access you should be able to use the new Atlassian Org API’s to disable users. More info here
——————-
One of the pain points of JIRA Cloud instances is the lack of restful api endpoints that allow IT admins to deprovision user accounts as employees leave your organization.
For system administrators, it’s often a tedious process of logging into JIRA, going into user management and deactivating the user account manually.
Adding to that pain, JIRA has been historically bad at releasing API endpoints that would help IT admins do these tasks faster. If you are so-inclined, read the following open issues linked below.
https://jira.atlassian.com/browse/ID-164
https://jira.atlassian.com/browse/ID-6305
JIRA having quit on their rest API have since released their paid user management product “Atlassian Crowd“. This might be the ultimate way of controlling your users across JIRA products in larger organizations but for SMB’s its another dollar item on the IT budget.
The bash script below will allow you to deprovision users by calling the Atlassian Cloud API endpoints that the web portal uses. Using these endpoints, we are able to deprovision users just like you would if you would click the deactivate button in the web portal.
The script will prompt for your Atlassian admin user account / password. If your JIRA base URL is different than the default (atlassian.net), you can change the “JIRABaseURL” variable.
Integrate this script with your favorite orchestration software (Jenkins, etc) and you have a fully automated JIRA deprovisioning workflow.
Note: The script uses the popular JSON parser jq (https://stedolan.github.io/jq/) to process JSON responses from JIRA. Please install jq before using the script.
#!/bin/bash
echo "JIRA Cloud Deprovisioner"
echo "Input the user to be deprovisioned, followed by [ENTER]:"
read deprovisioned_user
JiraAPIUsername="ADMINUSERNAME"
JiraAPIPassword="ADMINUSERPASSWORD"
JIRABaseURL="atlassian.net"
#Authenticate to Atlassian API using usn/password
JIRAAuth=$(curl -s -v -c /var/tmp/cookie_jar.txt -H "Content-Type: application/json" --data '{"username":"'"$JiraAPIUsername"'", "password":"'"$JiraAPIPassword"'"}' -X POST https://$JIRABaseURL/rest/auth/1/session 2>/dev/null)
#GetJIRAUserID
JIRAUserID=$(curl -s --cookie /var/tmp/cookie_jar.txt -H "Content-Type: application/json" -X GET "https://$JIRABaseURL/admin/rest/um/1/user?email=$deprovisioned_user" | jq -r '.name')
echo "$JIRAUserID will be deprovisioned"
#Call Atlassian deactivate API and deactivate user
DeactivateResults=$(curl -s --cookie /var/tmp/cookie_jar.txt -H "Content-Type: application/json" -X POST https://$JIRABaseURL/admin/rest/um/1/user/deactivate?username=$JIRAUserID 2>/dev/null)
echo "Waiting for JIRA deactivation"
sleep 6
#Check status of user in JIRA after deactivation
JIRACheck=$(curl -s --cookie /var/tmp/cookie_jar.txt -H "Content-Type: application/json" -X GET https://$JIRABaseURL/admin/rest/um/1/user?username=$JIRAUserID 2>/dev/null)
JIRADeactivateCheck=$(echo $JIRACheck | jq -r '.active' 2>/dev/null)
if [ "$JIRADeactivateCheck" == "false" ]
then
echo "Result: JIRA Deprovision Success. User $deprovisioned_user is inactive."
else
echo "Result: JIRA Deprovision ERROR"
fi
rm -rf /var/tmp/cookie_jar.txt
Recent Comments