Cannot delete user after failed deprovisioning from SSO (Okta)
We are using Okta as our SSO. There is an automatic deprovisioning that happens when accounts are deactivated. It usually works, but occasionally it does not. The error in Okta is "Error while deactivating user : xxxx@xxx.com: Received fatal alert: internal_error." This is not the issue, the issue is now that the account is deactivated, there is no way in 1password for me to delete the user. They are still active, we are still paying for them, and they are no longer a part of the company so it is now a security issue that they still have access to this information. I have already assigned my self the "Provisioning Manager" group and still, i cannot deactivate the account.
We CAN NOT re activate the OKTA user, and attempt to deprovision again. We have tried this, and it just causes more issues with many apps. Creating many more "unable to deprovision" issues, and more security issues with sending out welcome emails to employees that have been terminated.
How do I delete a single user through 1Password when we have a SSO set up with our accounts.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Okta
Referrer: forum-search:Cannot delete user after failed deprovisioning from SSO (Okta)
Comments
-
@steakboy if you visit the settings page in the admin console, you'll see the "provisioning" tab at the top. Switch provisioning off and click save, then you'll be able to delete the user in question.
Make sure you re-enable provisioning afterwards so the SCIM bridge will continue to work.
Also, once you've sorted out the emergent situation, I would love to help figure out exactly what the underlying issue is so that it never happens to you again.
0 -
Once i disable the provisioning. Will it remember the API keys, passphrases, and SAML settings for the provisioning once i re enable it?
0 -
Sweet. I did it. Thanks for the help!
0 -
Great! Let us know if there's anything else that we can help you with :)
0