How are users suspended/deprovisioned?

rogersmjrogersmj Junior Member

We terminated a 1Password user for the first time since we setup the SCIM bridge (Azure AD). I cannot figure out how to deactivate their 1Password access. The docs say you can "Suspend deprovisioned users" but never mentions how this works.

We've removed the user from the Active Directory groups that get synced to 1Password, but their 1Password account is still listed as active and the option to suspend it is grayed out. I see successful updates in the AD provisioning logs, but they are still members of those groups (and active) in 1Password.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • rogersmjrogersmj Junior Member

    Would really appreciate some help here...we now have two users who are gone from the company but we can't figure out how to disable them in 1password, and we're still getting charged for them.

  • AGAlumBAGAlumB 1Password Alumni

    @rogersmj: I'm sorry if I'm misunderstanding, but there may have been some confusion because you're posting this in the SCIM Bridge category of the forum, when to me it sounds unrelated to that. It seems like you just need to remove them from the team/business plan:

    Add and remove team members

    Does that help?

  • duncan_1Pduncan_1P

    Team Member

    @rogersmj When a user is removed from Azure AD or has the 1Password entitlement removed, they should automatically be suspended in 1Password.

    Would you mind dropping us an email to [email protected] including SCIM in the subject line with logs from the SCIM bridge around the time you removed the user? We'll have a dig through those and work out what's going on. Many thanks!

  • rogersmjrogersmj Junior Member

    @brenty No, that doesn't help, because as I stated in my original post I'm using the SCIM bridge and I don't have the option to disable people in the admin panel. That option is grayed out, presumably because I have users being provisioned via the SCIM bridge.

    So we still cannot block people we've terminated from logging in, and we're still paying for them.

  • BenBen AWS Team

    Team Member

    Thanks for clarifying @rogersmj. As Duncan suggested I'd recommend emailing [email protected] with SCIM in the subject line and please attach logs from the SCIM bridge (narrowed to the time when the user was removed from AD).


  • rogersmjrogersmj Junior Member

    @duncan_1P Email sent! Thank you.

  • AGAlumBAGAlumB 1Password Alumni

    Thanks for clarifying. It wasn't clear from your original comments that you'd tried that already, so I thought it was worth a shot. We'll continue the conversation via email. :)

This discussion has been closed.