Okta <> SCIM Deprovisioned

Options
TungLe
TungLe
Community Member
edited July 2023 in SCIM Bridge

Hi experts,

We have the auto provisioned and deprovisioned seems working well. But recently I just noticed that there were few users seems not being deprovisioned properly. Those uses has been deactivated in Okta for few months ago (more than 3 months) but I don't know why they are still in 1Password. I can't find any value logs or any information about this.

Please note that there were few users (not all) and so far, the auto provisioned is still working as today, we have a new member here.

Can someone support me on this case ?

Thank you !!!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • hemal.g_1p
    hemal.g_1p
    Options

    Hi @TungLe ,

    Thanks for writing in. That's really odd to observe that some deprovisioning have worked and some didn't go through. Anyways this can be resolved by manual actions by temporarily pausing provisioning within 1Password.

    To do so, please navigate to the provisioning page in 1Password. From there, you can flip the toggle switch for provisioning which will only pause provisioning (allowing manual actions to then be taken on accounts) instead of deactivating provisioning. With provisioning paused, you can then manually suspend and/or delete the account in 1Password. After performing that action, you can turn provisioning back on by going back to the provisioning page and flipping the switch back.

    Feel free to share how it goes.

  • TungLe
    TungLe
    Community Member
    Options

    Hi @hemal.g_1p thanks for the reply. So you mean, there is no 2 way check-in between Okta and 1Password so far? is there any way to Okta & 1Password syncing the user profile (email, username, password and the status state)

  • hemal.g_1p
    hemal.g_1p
    Options

    So Scim bridge interprets every request received from Idp and execute relevant action in 1Password.
    In Okta under your 1Password Business application, you can find Provisioning(To App) settings which should have all items checked i.e create users, update user attributes and deactivate users. This is control centre for Scim bridge actions.

    When you remove a user from the "Assignments" section in the 1Password Okta application and they are no longer a member of any other groups in the Assignments section, the user should remain in any pushed groups still synced with 1Password, and have a status of "Suspended".

    When you remove a user from a "Push Groups" in Okta, the user should be removed from the synced group in 1Password but not removed from the 1Password's "People" section and still be a member of any other 1Password group they may have been assigned to.

    If this is not the behaviour you are experiencing, we would like to understand problem for users in question. Feel free to reach us(via email at businesssupport@1password.com) and we can help you out.

This discussion has been closed.