Last updated Jan 30, 2023

Remove user access

This tutorial will help you to:

  • Remove user access to products listed in Atlassian Administration.
  • Remove users from Users and Groups in Directory.
  • Make product licenses available for active users.

Users with emails whose domain is claimed can still be found in Managed accounts under Directory even after being removed.

Before you begin

To complete this tutorial, you need the following:

API token ≠ API key:

  • This tutorial uses both API token and API key.
  • API token is used with Basic authentication.
  • API key is used as a Bearer token.

Steps to remove user access

Illustration showing the steps to remove a user's product access

Step 1: Get accountId

AccountId is a required path parameter to remove user access.

1. Get API token

An API token is needed to get the accountId in the next step. Use an API token to authenticate your script.

Atlassian account API tokens screen

To create an API token:

  1. Go to your Atlassian account to create API token.
  2. Select Create API token at the top of the screen.
  3. Name the token.
  4. Copy the field values and store them securely - you will not be able to see it again.

2. Get accountId

To get the accountId:

  1. Use the Jira User Search API with the API token and Basic authentication to get the accountId: GET /rest/api/3/users/search

    curl --request GET \ 
    --url '' \ 
    --user '<api_token>' \ 
    --header 'Accept: application/json'
  2. Search the results by email address or name to find the correct accountId.

Learn more about the Jira API.

If you don’t have Jira, export a .csv of the user list. Learn how to export users from a site

Step 2: Remove user access

1. Get API Key and Organization ID

The Remove user access script uses an API key as a Bearer access token. It also uses the Organization ID field as a path parameter.

Screen to copy the API Key and Organization ID

To create an API key and get the Organization ID:

  1. Go to Atlassian Administration. Select your organization if you have more than one.
  2. Select Settings > API keys.
  3. Select Create API key on the top right.
  4. Enter a name that you’ll remember to identify the API key.
  5. By default, the key expires one week from today. If you’d like to change the expiration date, pick a new date value under Expires on. You’re unable to select a date longer than a year from the date of creation.
  6. Select Create to save the API key.
  7. Copy the values of Organization ID and API key fields by selecting the copy button. Make sure you store these values in a safe place, as we won't show them to you again.
  8. Select Done. The key will appear in your list of API keys.

Learn more about the API keys.

2. Remove user access

Use the accountId, API key and Organization ID from the previous steps to remove user access: DELETE /admin/v1/orgs/{orgId}/directory/users/{accountId}

curl --request DELETE \ 
--url '{orgId}/directory/users/{accountId}' \
--header 'Authorization: Bearer <access_token>'

Make your first request and get started with the Remove User Access API and get more information on error codes.

Rate this page: