support user active/inactive state instead of deleting expired temporary users #53343
Labels
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
Comments
flyinghermit
added
the
feature-request
|
Same as #9075? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like Teleport to do?
Instead of deleting expired temporary users from backend, maintain
active|inactivestate of the temporary users. Alternatively, we can supportdelete on expirytoggle letting admin configure expiration behaviour.What problem does this solve?
Various Teleport integration services support SCIM client/server (Okta, Sailpoint, Identity Center integration) , permission assignment (Identity Center integration) and each integration needs to handle a special case for temporary users. It adds complexity to integration system and affects user experience. For example, any time temporary user account is created/removed, they need to be provisioned/de-provisioned in upstream SCIM server. Given provisioning are not always instant and subject to API throttling, user may need to wait for few more minutes before they can access the upstream service.
If a workaround exists, please include it.
The current system works too but it demands special case for each new user identity related integration we support.
The text was updated successfully, but these errors were encountered: