auto remove auto-provisioned groups + users?

1Password Team

2 years ago

Thanks for reaching out.
Great question!

Your 1Password SCIM Bridge should never be able to Delete an account; if a user is deleted, suspended or removed from provisioned groups in your Azure AD, those users should be put into a Suspended state in their 1Password account. You may delete such users manually as needed.

However the unique situation where a SCIM bridge will Delete a user, is if a user was manually invited through 1Password (without a SCIM bridge) and an Admin never confirmed them before the SCIM bridge made a match on the e-mail address, your SCIM bridge would then Delete the account if the user was Suspended from the IdP side. That scenario would be rare and unlikely in your situation.

You're correct about the wait time of Azure AD as takes approx 40 minute provisioning cycle. To circumvent the 40-minute wait time that Azure AD imposes on 1Password Enterprise application, it has a option called "Provision on demand". You can use it to test or assign a user and immediately view the outcome.

Let me now if you have additional questions.

Forum Discussion

auto remove auto-provisioned groups + users?

Recent discussions

1PW extension bug: autofill theme detection fails when using oklch color scheme

Connection reset when `podman login` runs `op`

request: remember application approval for SSH agent

SSH Bookmarks don't support Port Numbers

Feature Request - Access vault from inside docker container