Admin permission + irreversibility: This operation requires the Administer Jira global permission. On Jira Cloud, deleted users cannot be reactivated via the API — re-invitation must be done manually. Always reassign the user's open issues before deleting their account to prevent orphaned assignments.
When to Use
- Employee offboarding: When HR submits an offboarding request, an offboarding workflow reassigns all open issues from the departing employee to their replacement, then calls
user/delete to deactivate the Jira account — typically as the final step after all access is revoked.
- Contractor access expiry: When a contractor's project end date arrives, a scheduled workflow checks for contractors whose access period has expired and deactivates their accounts, also querying and reassigning any open issues they own.
- Bulk deprovisioning: After a company acquisition where a team's Jira instance is consolidated, bulk deprovisioning removes redundant accounts from the old instance as part of the migration closure process.
- GDPR data erasure: As part of an automated right-to-erasure workflow, after all the user's personal data has been anonymised or removed, the account itself is deleted to prevent any residual login access.
- Stale account cleanup: A monthly governance workflow identifies accounts that have not logged in for 6+ months and have no assigned open issues. These dormant accounts are deactivated to reduce license costs on Jira Cloud.
Configuration
Connection
| Field | Required | Description |
Host | Required | Jira instance base URL. Example: https://acmecorp.atlassian.net |
Email | Required | Atlassian admin account email. Must have Administer Jira permission. |
ApiToken | Required | API token from Atlassian security settings. Must belong to an admin account. Store in Credentials Manager. |
Operation Fields
| Field | Required | Description |
Username | Required | The username of the account to delete. Example: jsmith. On Jira Cloud, you can pass the email address. Verify with user/get before deleting. |
Sample Configuration
Deactivate a departing employee's Jira account:
{
"resource": "user",
"operation": "delete",
"Host": "https://acmecorp.atlassian.net",
"Email": "jira-admin@acmecorp.com",
"ApiToken": "{{ $credentials.jiraAdminToken }}",
"Username": "{{ $json.employee.jiraUsername }}"
}
Validation Errors
| Error Code | Cause |
VAL_MISSING_USERNAME | Username is empty or null. |
USER_NOT_FOUND | No user exists with the given username, or the user is already deactivated. |
PERMISSION_DENIED | The authenticated user does not have Administer Jira permission. |
CANNOT_DELETE_SELF | An admin user cannot delete their own account via the API. |
AUTH_FAILED | Invalid credentials or expired API token. |
Output Fields
| Field | Type | Description |
status | string | "success" or "error" |
username | string | Username of the deleted account. |
deleted | boolean | true if the account was successfully deactivated/deleted. |
resource | string | Always "user" |
operation | string | Always "delete" |
Sample Output
{
"status": "success",
"username": "jsmith",
"deleted": true,
"resource": "user",
"operation": "delete"
}
Expression Reference
| Expression | Type | Example Value | Use |
{{ $output.deleteUser.deleted }} | boolean | true | Confirm deactivation before logging |
{{ $output.deleteUser.username }} | string | "jsmith" | Record in offboarding audit log |
Node Policies & GuardRails
- Reassign open issues first: Before deleting an account, always call
issue/getAll with assignee = "username" JQL to find all open issues assigned to the user. Reassign each to a replacement or team lead before deleting the account.
- Use dedicated admin token: Store a separate admin API token for user management. Never use the general automation token for admin operations — maintain clear separation of privilege.
- Log before deleting: Call
user/get first and log the user's account details to MongoDB before deletion. This provides a record if the deletion was in error.
- Human approval gate mandatory: Never automate user deletion without a human approval step. Account deletion is irreversible on Jira Cloud — require explicit manager sign-off via an Approval node before executing.
- Stale account check pattern: For dormant account cleanup, use a 6-month inactivity threshold and verify no open issues before deactivating. Announce upcoming deactivation to the user via email 7 days before execution.
Workflow Example — Employee Offboarding
// Step 1: HR webhook — employee departure notification
// Step 2: user/get — verify account exists and is active
{
"Username": "{{ $json.employee.jiraUsername }}"
}
// Step 3: issue/getAll — find all open issues assigned to this user
{
"Jql": "assignee = \"{{ $json.employee.jiraUsername }}\" AND status != Done",
"Limit": 100
}
// Step 4: Loop — reassign each open issue to manager
// issue/update per issue: { "Fields": { "assignee": { "accountId": "$output.getManager.userId" } } }
// Step 5: Approval Node — manager confirms offboarding is complete
// Step 6 (after approval): user/delete
{
"resource": "user",
"operation": "delete",
"Username": "{{ $json.employee.jiraUsername }}"
}
// Step 7: MongoDB/insert — log offboarding record
// Step 8: Slack/postMessage — confirm to HR that Jira access revoked