As an admin, I want the SCIM user provisioning to sync groups and memberships from the IdM/IdP even if they exist in my Cloud site

XMLWordPrintable

      Problem Definition

      There's a current limitation in SCIM user provisioning:

      Unsupported features

      User provisioning doesn't support the following features related to groups:

      • ...
      • Pushing a group from your identity provider that has the same name as a group in your organization. Otherwise, you'll get an error when you try to sync.

      This makes the SCIM user provisioning very painful for customers with existing Cloud sites with many users/groups, especially with ACCESS-608 missing. 

      With the absence of this feature, admins have to delete all groups from Cloud and let the sync create them again. Furthermore, we can't guarantee permissions will pick up the new groups.

      Suggested Solution

      Groups should still be synchrnoized even if the exist in Cloud. If a group exists in Cloud, it should just be linked to the group IdM/IdP and reflect any future changes.

      Workaround

      None

            Assignee:
            Unassigned
            Reporter:
            Arbi Dridi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: