I have a number of user accounts that are identity provider managed but do not have the groups which are Azure synced and supposed to be managed via the external directory. I have tried removing and re-adding the AD groups and awaiting sync from the enterprise application; this can be hit and miss, and in some cases it requires deletion of the account, but that also means waiting 14+ days to be removed from the Atlassian space. Is there a more efficient way to manage this?
What I believe is happening: the user’s email already exists as an Atlassian account (maybe created outside SCIM). When SCIM tries to provision, it fails because the account already exists. Deleting it works, but only after the 14-day grace period, which is why you see the delay.
Workaround using the API (even for IdP-managed accounts):
1. Update the email via the Atlassian Admin API
Use the same API key you configured for SCIM in Azure (the one Atlassian Guard uses).
Endpoint: PATCH https://api.atlassian.com/admin/v1/orgs/{orgId}/directory/users/{accountId}
Sample body:
{
"email": "user_old@example.com"
}
2. Delete the account
After changing the email, delete the user in Atlassian Admin (or via API).
This frees up the original email immediately.
3. Trigger a manual provisioning cycle in Azure AD
Go to Azure AD → Enterprise Applications → Atlassian Cloud → Provisioning → Provision on demand and run it for the user.
This reprovisions the user with the correct email and groups.
Important: Any contributions from the old account will show as “Former user” after deletion (expected behavior in Atlassian Cloud).
Hope this helps!
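The three steps above can be scripted so the whole release-and-reprovision cycle runs in one go instead of being clicked through. The following is an added example, not code from the original post or from Atlassian or Microsoft. The PATCH endpoint and body are taken from the answer as written; the DELETE on the same directory path and the Microsoft Graph provisionOnDemand call (with its servicePrincipal id, synchronization job id, rule id and user object id) are assumptions and need to be checked against the current API documentation and your tenant before use. Org id, account id, tokens and the sample email are placeholders.

```python
"""Added example (not from the original post): build and run the three API
calls the answer describes, stopping at the first failure so the account is
never deleted while it still holds the contested email address."""
import json
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

ATLASSIAN_API = "https://api.atlassian.com"
GRAPH_API = "https://graph.microsoft.com/v1.0"


@dataclass
class Req:
    method: str
    url: str
    headers: dict
    body: Optional[bytes]


def _json_req(method: str, url: str, token: str, payload: Optional[dict] = None) -> Req:
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    body = None
    if payload is not None:
        headers["Content-Type"] = "application/json"
        body = json.dumps(payload).encode()
    return Req(method, url, headers, body)


def placeholder_for(email: str) -> str:
    # jane@example.com -> jane_old@example.com, matching the answer's sample body;
    # the domain is kept so the placeholder stays inside your verified domain.
    local, _, domain = email.partition("@")
    return f"{local}_old@{domain}"


def rename_email_req(org_id: str, account_id: str, token: str, new_email: str) -> Req:
    # Step 1 (endpoint as given in the answer): move the account off the contested email.
    url = f"{ATLASSIAN_API}/admin/v1/orgs/{org_id}/directory/users/{account_id}"
    return _json_req("PATCH", url, token, {"email": new_email})


def delete_user_req(org_id: str, account_id: str, token: str) -> Req:
    # Step 2: delete the renamed account. ASSUMPTION: DELETE on the same directory path.
    url = f"{ATLASSIAN_API}/admin/v1/orgs/{org_id}/directory/users/{account_id}"
    return _json_req("DELETE", url, token)


def provision_on_demand_req(sp_id: str, job_id: str, rule_id: str, object_id: str, graph_token: str) -> Req:
    # Step 3: the API equivalent of "Provision on demand" in the Azure portal.
    # ASSUMPTION: Microsoft Graph synchronization/jobs/{jobId}/provisionOnDemand.
    url = f"{GRAPH_API}/servicePrincipals/{sp_id}/synchronization/jobs/{job_id}/provisionOnDemand"
    payload = {"parameters": [{"ruleId": rule_id,
                               "subjects": [{"objectId": object_id, "objectTypeName": "User"}]}]}
    return _json_req("POST", url, graph_token, payload)


def send(req: Req) -> int:
    # Real sender: issues the request and returns the HTTP status code.
    r = urllib.request.Request(req.url, data=req.body, headers=req.headers, method=req.method)
    with urllib.request.urlopen(r) as resp:
        return resp.status


def release_and_reprovision(org_id: str, account_id: str, email: str, atlassian_token: str,
                            graph: dict, sender: Callable[[Req], int] = send) -> list:
    """Run rename -> delete -> provision-on-demand in order.
    Returns [(method, url, status), ...] for the calls that were made; stops
    after the first non-2xx so a failed rename never leads to a deletion."""
    steps = [
        rename_email_req(org_id, account_id, atlassian_token, placeholder_for(email)),
        delete_user_req(org_id, account_id, atlassian_token),
        provision_on_demand_req(graph["sp_id"], graph["job_id"], graph["rule_id"],
                                graph["object_id"], graph["token"]),
    ]
    done = []
    for req in steps:
        status = sender(req)
        done.append((req.method, req.url, status))
        if not 200 <= status < 300:
            break
    return done


if __name__ == "__main__":
    # Placeholder identifiers; replace with real ones and drop the fake sender to run live.
    graph_cfg = {"sp_id": "SP-ID", "job_id": "JOB-ID", "rule_id": "RULE-ID",
                 "object_id": "USER-OBJECT-ID", "token": "GRAPH-TOKEN"}
    for step in release_and_reprovision("ORG-ID", "ACCOUNT-ID", "jane@example.com",
                                        "ATLASSIAN-API-KEY", graph_cfg, sender=lambda r: 200):
        print(step)
```

The `sender` parameter is there so the sequence can be dry-run (as in the `__main__` block) before any call touches a live org; the stop-on-first-failure loop is the important safety property, since deleting an account that still owns the contested email would just recreate the 14-day wait described in the answer.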