Summary

The count of Jira Service Management licenses is higher than the number of users on the jira-servicedesk-users group.

Checking the product access

The first step is to check which groups have the Jira Service Management agent access permission.

User Management Experience

1. In Jira's left panel, click on Jira settings > User management. 
2. On the Admin panel, click on Product access.
3. The groups with agent access are listed below Jira Service Management. 

Any user that is provided with a Service Management application access will be added to the default access group.

Another configuration to keep a watch is users added to the Trusted Role:

This role will, automatically, assign all the application accesses to the user.

Improved User Management Experience

1. Go to admin.atlassian.com. Select your organization if you have more than one.

2. Select Products from the header.

3. You will see the user count listed beside the product.

4. Clicking on Manage Users will take you to the licensed users list.
5. Clicking on Manage Product Access will take you to the groups that have product access.

In the Improved Experience, the Trusted role doesn't exist anymore.

Remove groups from product access

Now that you have identified which groups grant users with Jira Service Management agent access and users in the Trusted Role, you can go ahead and remove those that should not provide licenses.

For Users in the groups:

1. Select the group that you want to remove and click on ••• > Remove group.
2. Check if the license count matches the number of users on jira-servicedesk-users group.

For users in the Trusted Role:

1. Access the user's profile and change their Role to Basic.
2. Now toggle off the application access of Jira Service Management.