Deprovisioning JIRA Cloud users via Rest API

UPDATE: This method was deprecated by Atlassian as of Jan 2020. If your organization uses Atlassian Access you should be able to use the new Atlassian Org API’s to disable users. More info here


One of the pain points of JIRA Cloud instances is the lack of restful api endpoints that allow IT admins to deprovision user accounts as employees leave your organization.

For system administrators, it’s often a tedious process of logging into JIRA, going into user management and deactivating the user account manually.

Adding to that pain, JIRA has been historically bad at releasing API endpoints that would help IT admins do these tasks faster. If you are so-inclined, read the following open issues linked below.

JIRA having quit on their rest API have since released their paid user management product “Atlassian Crowd“. This might be the ultimate way of controlling your users across JIRA products in larger organizations but for SMB’s its another dollar item on the IT budget.

The bash script below will allow you to deprovision users by calling the Atlassian Cloud API endpoints that the web portal uses. Using these endpoints, we are able to deprovision users just like you would if you would click the deactivate button in the web portal.

The script will prompt for your Atlassian admin user account / password. If your JIRA base URL is different than the default (, you can change the “JIRABaseURL” variable.

Integrate this script with your favorite orchestration software (Jenkins, etc) and you have a fully automated JIRA deprovisioning workflow.

Note: The script uses the popular JSON parser jq ( to process JSON responses from JIRA. Please install jq before using the script.


echo "JIRA Cloud Deprovisioner"

echo "Input the user to be deprovisioned, followed by [ENTER]:"
        read deprovisioned_user


#Authenticate to Atlassian API using usn/password
JIRAAuth=$(curl -s -v -c /var/tmp/cookie_jar.txt -H "Content-Type: application/json" --data '{"username":"'"$JiraAPIUsername"'", "password":"'"$JiraAPIPassword"'"}' -X POST https://$JIRABaseURL/rest/auth/1/session 2>/dev/null)

JIRAUserID=$(curl -s --cookie /var/tmp/cookie_jar.txt  -H "Content-Type: application/json" -X GET "https://$JIRABaseURL/admin/rest/um/1/user?email=$deprovisioned_user" | jq -r '.name')

echo "$JIRAUserID will be deprovisioned"

#Call Atlassian deactivate API and deactivate user
DeactivateResults=$(curl -s --cookie /var/tmp/cookie_jar.txt  -H "Content-Type: application/json"  -X POST https://$JIRABaseURL/admin/rest/um/1/user/deactivate?username=$JIRAUserID 2>/dev/null)
echo "Waiting for JIRA deactivation"
sleep 6

#Check status of user in JIRA after deactivation
JIRACheck=$(curl -s --cookie /var/tmp/cookie_jar.txt  -H "Content-Type: application/json"  -X GET https://$JIRABaseURL/admin/rest/um/1/user?username=$JIRAUserID 2>/dev/null)

JIRADeactivateCheck=$(echo $JIRACheck | jq -r '.active' 2>/dev/null)

if [ "$JIRADeactivateCheck" == "false" ]
        echo "Result: JIRA Deprovision Success. User $deprovisioned_user is inactive."    
  echo "Result: JIRA Deprovision ERROR"

rm -rf /var/tmp/cookie_jar.txt
Rishi Dhar

Rishi Dhar

Creative techie by day; wannabe astronaut by night; world traveler in my free time; a true desi during teatime.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *