Admin permission required: Creating Jira users requires the Administer Jira global permission. The service account used for this operation must have admin rights. Standard user accounts cannot create other users via the API.
When to Use
- Employee onboarding automation: When HR submits a new hire form, an onboarding workflow creates the new employee's Jira account, assigns them to the appropriate project(s), and sends a welcome Slack message with their Jira username — all before their first day.
- Contractor provisioning: When a contractor is approved via a procurement workflow, a BizFirst automation creates their Jira account with contractor-specific project access and notifies the project lead that the account is ready.
- External vendor access: When a vendor is granted temporary access for a project, a workflow creates their Jira account, adds them to the relevant project, and sets a calendar reminder to review their access at project end.
- Bulk user import: A one-time migration workflow reads a CSV of employee records and creates Jira accounts in batch, sending invitation emails to each. Used when migrating teams to a new Jira instance.
- Developer sandbox provisioning: A self-service developer portal allows engineers to request access to a sandbox Jira project. The portal triggers a workflow that creates the account and provisions access automatically without IT involvement.
Configuration
Connection
| Field | Required | Description |
Host | Required | Jira instance base URL. Example: https://acmecorp.atlassian.net |
Email | Required | Atlassian admin account email. Example: jira-admin@acmecorp.com |
ApiToken | Required | API token from Atlassian security settings. Must belong to an admin account. |
Operation Fields
| Field | Required | Description |
EmailAddress | Required | Email address for the new user. Used as the login identifier on Jira Cloud. An invitation email is sent to this address. Example: jsmith@acmecorp.com. |
DisplayName | Required | Full display name shown in Jira. Example: "John Smith". |
Username | Optional | Username override. On Jira Cloud, usernames are generally auto-assigned from the email address. On Jira Server/DC, this sets the login username explicitly. |
Sample Configuration
Create a Jira account for a new hire as part of onboarding:
{
"resource": "user",
"operation": "create",
"Host": "https://acmecorp.atlassian.net",
"Email": "jira-admin@acmecorp.com",
"ApiToken": "{{ $credentials.jiraAdminToken }}",
"EmailAddress": "{{ $json.employee.workEmail }}",
"DisplayName": "{{ $json.employee.firstName }} {{ $json.employee.lastName }}"
}
Validation Errors
| Error Code | Cause |
VAL_MISSING_EMAIL | EmailAddress is empty or null. |
VAL_INVALID_EMAIL | EmailAddress is not a valid email format. |
VAL_MISSING_DISPLAY_NAME | DisplayName is empty or null. |
USER_ALREADY_EXISTS | A user with this email already exists in the Jira instance. |
PERMISSION_DENIED | The authenticated user does not have Administer Jira permission. |
AUTH_FAILED | Invalid credentials or expired API token. |
Output Fields
| Field | Type | Description |
status | string | "success" or "error" |
userId | string | Internal Jira account ID. Store this for future user operations. |
username | string | Assigned username. On Jira Cloud, derived from email address. |
displayName | string | The display name as set. |
email | string | Email address of the created user. |
resource | string | Always "user" |
operation | string | Always "create" |
Sample Output
{
"status": "success",
"userId": "5b10a2844c20165700ede21g",
"username": "jsmith",
"displayName": "John Smith",
"email": "jsmith@acmecorp.com",
"resource": "user",
"operation": "create"
}
Expression Reference
| Expression | Type | Example Value | Use |
{{ $output.createUser.userId }} | string | Account ID string | Store for issue assignment (accountId field) |
{{ $output.createUser.username }} | string | "jsmith" | Include in welcome notification |
{{ $output.createUser.email }} | string | "jsmith@acmecorp.com" | Confirm correct email was used |
Node Policies & GuardRails
- Use a dedicated admin API token: Store a separate admin-level Jira API token in Credentials Manager for user management operations. Do not use the same token as general automation to separate privilege levels.
- Dedup check before creation: Call
user/get first to check whether a user with the email already exists. Only call user/create if no existing account is found, to avoid USER_ALREADY_EXISTS errors.
- Invitation email delay: On Jira Cloud, the new account is not immediately active — the user must accept the invitation email. Do not attempt to assign issues to the new user until the account is active.
- User creation is billable on Cloud: On Jira Cloud, each active user counts toward license cost. Ensure user creation workflows include appropriate approval gates before provisioning accounts.
Workflow Example — Employee Onboarding
// Step 1: HR form submission triggers webhook
// Step 2: user/get — check if user already exists
{
"resource": "user",
"operation": "get",
"Username": "{{ $json.employee.workEmail }}"
}
// Step 3: IfCondition — {{ $output.getUser.status }} === "error" (user not found)
// Step 4 (if new user): user/create
{
"resource": "user",
"operation": "create",
"EmailAddress": "{{ $json.employee.workEmail }}",
"DisplayName": "{{ $json.employee.firstName }} {{ $json.employee.lastName }}"
}
// Step 5: Slack/postMessage — notify IT team with new user details
// Step 6: MongoDB/insert — log provisioning record