Deploy scim bridge only for offboarding?

eingfoan
eingfoan
Community Member

Is it possible to deploy scim bridge only for deactivating users that are not active in aad anymore?
If yes how would that look like?

Chris


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • laz.h_1P
    laz.h_1P
    1Password Alumni

    Hi Chris,

    That is not possible. If you set up the SCIM bridge and configure it with an IdP integration, the IdP will send requests to your bridge for all user events in configured groups. I would suggest setting up a SCIM bridge, and then creating a specific group for 1P users and provisioning users in and out of that. Deactivating a user will deactivate them in 1P, and you'll only control users that are in the 1P users group.

  • eingfoan
    eingfoan
    Community Member

    sad

    OK. thy for your help.

    @laz.h_1P do you know what scim does with users that have been added manually?
    1) the ones with a matching email
    2) the ones without?

  • laz.h_1P
    laz.h_1P
    1Password Alumni

    Sure thing!

    When you first set up the SCIM integration on your IdP, nothing will happen. You have to choose which groups you want to be synced, and only then will changes start to reflect in your 1P account. Once you configure a group that has existing (manually added) 1P users in it, the state of those users will simply change to reflect the IdP state. For users that do not yet exist, they will be invited to 1P after being added to a synced group.

    Hope this helps

This discussion has been closed.