This is usually a problem for customers, as they want to utilise the default Atlassian groups to simply their Jira project setup. When they create a new Jira project, they don't want to have to also mess with the Global, Product and Project settings to ensure the right users have access to the right projects. The Admin Automation app allows customers to automatically add and remove users from any of the default Atlassian product access groups.

The site-admin and org-admin groups are 'protected' groups within the Atlassian products, and cannot be sync'd to with SCIM. The Admin Automation app allows customers to automatically add and remove users from the site-admin and org-admin groups, as well as any of the other administration groups in admin.atlassian.com.

Many Atlassian customers find that the 'User Access Settings' are hard to lock down, they want to completely remove any user that isn't added via SCIM sync. This includes users that are invited by other users, users that self-join and users that are manually added via a site or org admin. There are two ways that the Admin Automation app can help with this:

1. Customers can designate a 'key' SCIM group, and only users in exist in that group can be added to a default Atlassian product access group. e.g. If a user exists in the idp-jira-users group, then add them to jira-software-users group. If a user doesn't exist in the idp-jira-users group, then remove them from the jira-software-users group

2. Customers can create an empty group, and create an automation rule to sync the empty group to the default Atlassian product access groups. This ensures that the default groups are always empty and anyone manually invited or added via another user will be removed automatically. e.g. Create a group called empty-group, and create a rule to run hourly; If a user is not in empty-group, then remove them from jira-software-users group

Unfortunatly, Atlassian admins don't have many options to perform bulk actions on users and groups. The Admin Automation app allows 'Run Once' rules to be run, to add or remove 1000's of users from one group to another, quickly and easily.

There are a few situations where customers want to merge different groups. The most common is related to having multiple SCIM groups, but not wanting to have to manually grant each of those groups product access:

1. Merging multiple SCIM groups into one, to give that one group Jira or Confluence user access.

2. Merging multiple 'Customer' SCIM groups into one, to give that one group the Customer Role in Jira Service Management.

There's also the use case where the Site Admin or Org Admin doesn't have control over the groups created in their IdP. They have too many groups with small numbers of users in them, and no way to control which groups are created in the IdP. Mergings multiple SCIM groups makes managing product access much easier.

The Admin Automation app can be used to create multiple rules that run to add or remove users from a single group, based on if those users exist in one or more SCIM sync'd groups.