Skip to content

[ZT] SCIM identity auto-update #18251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Nov 20, 2024
Merged

[ZT] SCIM identity auto-update #18251

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bd7e7c9
PCX-14656
ranbel Nov 18, 2024
10b57a7
Update enable-scim-on-dashboard.mdx
kennyj42 Nov 18, 2024
388d9d9
link to user registry identity
ranbel Nov 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,14 @@ import { Markdown } from "~/components"

3. Turn on **Enable SCIM**{props.and}**{props.supportgroups}**.

4. (Optional) Turn on the following settings:
4. (Optional) Configure the following settings:

* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies.
* **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/).
* **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/identity/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in {props.idp}.
* **Enable group membership change reauthentication**: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any Gateway WARP session policies. Access will read the user's updated group membership when they reauthenticate.
* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in {props.idp}.
- _Automatic identity updates_: Automatically update the user's identity when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway Policies and Device Profiles. Access will read the user's updated group membership when they reauthenticate.
- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/identity/users/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.

5. Select **Save**.

Expand Down
Loading