Existing Users and Groups on new SCIM Deployment

frostbit3
frostbit3
Community Member

Do existing users/groups get effected when enable the "Provision Users and Groups"? In my limited testing it doesn't appear that it does, but I wanted to see if anyone else had any additional clarification/confirmation. I've got some users that are not in our directory properly that we're working on fixing, but they currently have access to 1Password and are in custom groups defined in 1Password that give them access to resources. I just wanted to confirm that they indeed stay the way they are now and do not lose access to their account if they're not in our directory that SCIM is going to integrate with.

Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • TimBatist
    TimBatist
    Community Member

    @frostbit3 I have had some testing with the SCIM bridge as well. As far as I know, existing users which are not in your identity provider will not be affected by your SCIM-bridge. They will only be affected if you have users in your 1Password organization who's email address exists in your identity provider. Those users, as well as the new users from your identity provider, will be controlled by user provisioning. This will limit your possibilities to configure some settings for those users within the UI (browser or application), but you can always manage users using the CLI. To do this, you have to add yourself (or any user who must have permission to manage users) to the "Provision Managers" group.

  • Hi @frostbit3,

    @TimBatist is correct, existing users are not impacted if they are not present in the directory of your Identity Provider. You can manage them as an administrator via the 1Password UI as normal. They will only be managed by the provisioning manager when a matching email is added to your IDP, at this point they are treated just like any other IDP provisioned user.

    Hope that clarifies this for you.
    Please reach out if you need any help further.

    Kind regards, Hass

This discussion has been closed.