If an admin on your account has previously generated a SCIM token, it will not be possible to deactivate their user or change their user type from an admin to non-admin. This restriction is in place in order to prevent SCIM provisioning from failing on your account.
In this article, we'll discuss more about why it is not possible to deactivate/change the user type of such an admin, and how to go about generating a new token. Let's get into it!
Why have this restriction?
If an admin who created a SCIM token were to be deactivated or stripped of their admin rights, the SCIM token will stop working due to it being linked to the admin user that generated it. If this situation were to occur, the SCIM provisioning on the account would fail.
In order to prevent such a situation from happening, we no longer allow the deactivation or changing the user type of an admin who generated a SCIM token.
When does this restriction apply?
This restriction will apply when using the user management section to deactivate an admin who has previously generated a SCIM token, or to change their user type to a non-admin.
How to get around this
If you'd like to proceed to deactivate/change the user type of such an admin, we recommend to follow the steps below!
Step 1: Generate a new token and add it to your IDP
To generate a new SCIM token, click into the "Security" tab of the admin section and navigate to the Manage users and teams (SCIM) category. Click on the right on the right to open up the panel. From there, select "Generate" to create the new token and then "Copy".
Once the new token is copied, you can paste it into your own identity provider in order to activate it.
Step 2: Delete the token created by the admin
After you've entered the newly generated SCIM token into your identity provider, you can then delete the old token created by the admin that you are looking to deactivate or change to a non-admin.
To do this, in the same SCIM category as above, scroll down to the "All tokens" section to see a list of all the SCIM tokens that were generated on your account. From here, simply press "Delete" next the to the token that was generated by the admin that you are looking to deactivate/change to a non-admin.
Step 3: Deactivate or change the user type of the admin
Once the previous admin's SCIM token has been deleted, you are now good to go to deactivate or change them to a non-admin! To do this, enter the user management section of your account and click to change their user type or to deactivate them, as below.
And, that's a wrap! By first creating a new token to enter into your IDP, deleting the old token, and then deactivating/changing the user type of the admin who generated it, you can ensure that your team's account access will remain smooth and uninterrupted at all times.
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.
Comments