Bulk user account deactivation (last-login-based)

Part of any Jira admin activities (and system administrator acting as the same) is to ensure an up-to-date, cleaned-up Jira user account database is maintained over time.

A typical case scenario is having security/compliance policies that enforce user account deactivations on specific platforms, like Jira, whenever a user account's last login reaches a specific aging (days from the current date the user account hasn't logged in to Jira)

Customers can automate this task using PS and SIL routines (scripting).

Instructions

IMPORTANT: This how-to procedure assumes the customer has successfully exported the user’s account information from Jira, including the account username and last login fields, into a CSV (comma-separated values) file.

CSV file (example) - the last_login column must be in an MM/dd/yyyy format, as shown below. The date format must be adjusted at a script level if it is modified.

username,last_login
pabloandresvb,11/01/2022
pvergarab,01/01/2023

PS/SIL script

Copy/paste the PS/SIL code snippet below directly on the SIL Manager
Modify code lines according to the following notes:

Line #6: replace “users.csv” with your CSV file. If the customer changes the file path, the location must be accessible (read permission) by Power Scripts on the Jira instance filesystem.
Line #9: the provided date format can be used. The customer must ensure it matches the CSV file last_login column format if it gets modified.
Line #11: to check the user’s account aging, the “90d” (90 days) was used on this provided script. It can be modified according to the customer’s requirements.

Execute the script and check the output from the Editor console

struct Login { // Login struct created to handle CSV file data
  string username;
  string last_login;
}

Login [] fileContent = readFromCSVFile("users.csv", true); // CSV file reading process

for (Login l in fileContent) {
    date last_login = parseDate("MM/dd/yyyy", l.last_login); // Date conversion from CSV file
    
    if (last_login < (currentDate() - "90d")) { // Checking user account aging status
        runnerLog("Last login on " + last_login);
        runnerLog(l.username); runnerLog("Aged account: true");
        boolean deactivated = admDeactivateUser(l.username); // User account is aged, so deactivation is attempted
        if (deactivated) { // User account deactivation was successful
            runnerLog(l.username); runnerLog(" - User account deactivation was successful");
        }
        else { // User account deactivation couldn't be performed
            runnerLog(l.username); runnerLog(" - User account deactivation was unsuccessful");
       }
    }
    else {
        runnerLog("Last login on " + last_login);
        runnerLog(l.username); runnerLog("Aged account: false");
    }
}

Script execution (output example):

Instructions

Related articles