a1z7c (a1z7c) asked a question.
How to remove users from inactive application without risk of auto provisioning
We have a SAML application that was previously inactivated some months back. There is now a use case to bring it back but for a much smaller subset of users. Currently the "People" tab of the inactive application shows all of the previous users are still assigned via group type access. However on the "Groups" assignment tab, there are no group assignments for the application.
I'd like to re-activate the application and just assign it to the smaller group, but don't want to risk it trying to auto provision all of the previously assigned users since auto provisioning was enabled for the app. Is there a way to unassign the users prior to activating it? Or would it be best to just create a new app integration?
Hello @a1z7c (a1z7c) Thank you for posting on our Community page!
Since the application was deactivated and Provisioning was left active, there is a high chance that everything is still connected and users will be provisioned to the app. At the same time once a user is then removed from the application it will deactivate them from the application.
If the group assignment is done based on a group assignment, I would recommend to just remove the users from the group prior to reactivating the application and this should resolve your issue.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.