Scheduled User Actions: How to Configure

Once you have installed User Management you will need to specify what actions you want it to take, on which users, at what time and where to save the logs. In order to do this, you will need to create Scheduled User Actions schemes.

The following "How to" walks you through the Schemes' configuration steps in order of the screens you will be presented with. If you would like guidance on how to best set up your scheduled actions, feel free to get in touch via the "Email 24x7 Support" link.

Screen 1 - Schedule Run Time

On the first screen, 'Schedule Run Time', you can configure the following:

1. Event Type: What type of schedule run this scheme is.
   
   There are 3 different types:
   
   • On user login (2 and 3 not applicable).
   • On user create (2 and 3 not applicable).
   • On Schedule (On cloud, only on schedule is available to be selected as the event type.)
     
     
2. Run Time: At what time of day/night the User Management actions should be undertaken.
   
   We recommend that the first run of User Management is initiated manually via the run now button once the scheme has been saved. Once you are confident that you have configured User Management to your liking you can then automate the run process.
   
   On cloud, the scheme will start within an hour of the specified start time.

1. Run Interval: The length of time between clean ups. The intervals reach from minutes (for testing) to once a year.
   

   
   As per the screenshot, if you have no valid license you can configure User Management, but no actual cleanup work will be performed.

   

Screen 2 - Select User

On the second screen, 'Select User', you can configure which users will be included in the clean up (please note all conditions are independent of each other). On cloud, the 'scheme admin user' field has been replaced with a source selection option which allows you to manage your Atlassian organisation users, note that only organisations utilising the centralised user experience are available for selection as demonstrated by the second screenshot below. A list of supported filters can be found here

1. Never Logged In: Tick this box to select users who have never logged in. Also allows you to specify an exemption period, so that users who have been created very recently are not selected.

2. By time since last login: Tick this box to clean up users who have not logged in within a certain time period.

3. Only logged in once: Tick this box to clean up user who have only logged into the application once for all time. Enter an exemption period, e.g. 3 days. In this case users who only logged in once, but within the last 3 days, will not be selected.
   This feature is useful to tune the definition of "infrequent users".
4. Deactivated: Tick the box to perform additional clean up functions on users that are already deactivated.
5. By email domain: Tick this box to select users whose email domain matches one of the specified email domains.
6. By not having email domain: Tick this box to select users whose email domains do not any of the specified email domains.

Further tune up the results:

1. Only include groups: Specify groups to restrict scheme actions to users in these groups, in conjunction with the above filters
   1. There are additional toggles for "Any" or "All" to filter user's by membership to “All” the selected groups or “Any” of them

   2. Enter "NO_GROUPS" in the groups search field to find users who do not belong to any groups

      
2. Exempted Groups: Specify the groups whose members should be excluded from any actions performed by the scheme. 
   1. There are additional toggles for "Any" or "All" to filter user's by membership to “All” the exempt groups or “Any” of them

   2. Search for "NO_OTHER_GROUPS" can be used alongside the groups filter to find users who are exclusively in the specified groups and no others.

      
3. Exempted users: Enter all the users you want to be completely exempt from the clean up.

Screen 3 - Actions to Perform

On the third screen, 'Actions to Perform', you can configure what actions should be performed. A complete list of actions that can be performed for each source type can be found here 

1. Enable Test Mode: Whether or not you want User Management to perform a test/dry run. A test run will perform the same audit logging as a normal run, but won't take any actions on the users. 
   After a test run if you are happy with the report you can disable Test Mode and re-run the task, so that User Management will perform the actions on the users.
2. Actions on Users:
   
   1. Delete the user. If this option is selected and it is not possible to delete the user,  the options selected below will be performed on the user.
   2. Deactivate the user
   3. have them removed from all groups, or
   4. have them removed from all application access groups, or
   5. have them removed/added from/to specific groups.
   6. have the user renamed: '-inactive' will be added to the end of the selected users' usernames

   7. Cloud-Only Actions:

      1. 1. suspend the user's access to products listed in Atlassian Administration
         2. restore the user's access to products listed in Atlassian Administration
3. Rename: You can have users suffixed with a '-inactive' to their username.
4. Create Jira Issues: (User Management Jira only) Creates a Jira issue for each selected user. See this article for a discussion of how this works: User Management - Create Jira issues action
5. Invalidate passwords: Resets the password to a securely generated random string, so that the user will not be able to log in with their existing password. There is also an option to send password reset links to these users.

Screen 4 - Audit Logging

All schemes will create in-product run logs which can viewed from the run logs screen. However additional audit logging may also be chosen.

On the fourth screen, 'Audit Logging', you will create a name for your scheme and configure the following (the below additional configurations are not available on cloud):

1. Whether actions should be logged into the application log files.
2. If you want a standalone report file to be created for each run.

3. Who should receive the report via email.

Screen 5 - Administration

The fifth screen, 'Scheme Overview', shows you all the options you have chosen.

You can either click 'Run Now' to perform the tasks that you wanted to be performed or you can let the machine do it whenever you scheduled the work to be done.

Pair User Management with EasySSO for the Atlassian Suite. Visit the Atlassian Marketplace for more information.