Assets - Track active and deleted users imported from user directory
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Purpose
Companies using Asset Management applications and databases often track employees as assets. Built-in LDAP import functionality can be used to import the list of users into Jira Assets and track them as assets. However, depending on Assets import configuration settings, Assets will not contain users who had been deactivated (deleted) in the user directory (e.g. Microsoft Active Directory).
This article explains how to track historically which users had been recorded as active and then got inactive after they got removed from the user directory (e.g. after they left the company).
Solution
Example
Goal
After importing the users, mark newly imported users with Status = Active
Once a user has been removed from the user directory, mark the user with Status = Inactive in Insight, but keep the user recorded in the asset inventory.
Step-by-step
Create Status and Inactive attributes
Create "Status" attribute (type: Status) that will have values "Active" and "Inactive":
Create "Inactive" attribute (type: boolean) that will serve as an indicator of user presence in the user directory (this attribute will get updated accordingly during the import job):
Set up the import job
Create the LDAP import job with the necessary primary configuration (LDAP connection, sync scope, etc.)
Create an Object type mapping with the following configuration, that will update "Inactive" attribute value to "True" for missing object only (this will be the condition for the automation rule to kick in later and set Status of the user as "Inactive"). Note: Threshold Type and Threshold Number can be configured as desired.
Map one LDAP attribute (which has a value that is always present in LDAP) to the "Inactive" attribute. In this case, we mapped "displayName" LDAP attribute to "Inactive" Insight attribute; if the "displayName" is present, the "Inactive" will be set to "False" value (this is how Insight import works with boolean attributes):
Set up the automation rule
Create and enable an automation rule that will check Inactive attribute values.
For every object that has Inactive = "True" and Status = "Active", the automation rule will update the object and set "Status" to "Inactive". An example automation rule configuration:
Result
Now, all users who get deleted from the user directory, will be marked as Inactive in your Object schema (after number of import events, and based on the import threshold). The users will not be deleted from Insight, so you will be able to track history of employees that move throughout your organization.
Was this helpful?