
Will manual user creation/invitations be made unavailable for users inside the domain when SCIM is enabled?

Current security/administration issue we are facing:

  • Security Admin Role is being overly used and assigned for the impersonation feature.
    • This is used for troubleshooting issues with Clients/Users for application/model building.
    • Is it possible to change the level that requires this access in the future?
  • With SSO enabled we still have users attempting to invite or manually create users with internal Domain accounts.

We need to confirm that the SCIM security constraints are not circumvented with users being able to create/invite internal domain users.

My apologies, I found my answer.


Hi Sean,

Glad you found your answer.
I still want to give some hints for potential other Community users reading this question.

 

Ideally, there should not be a lot of Security Admins in your workspace. This level of workspace role is given by other Security Admins.

I’d recommend a review of the roles because Security Admins can access any application and role within the Workspace. It is the highest role.

 

Secondly, you can restrict the domains you want people to join with. In the members management page, find “Restrict domains”.

That way, only the authorized domains can be invited; all other domains attached to SSO will be forced to log in via SSO.

 

Please do not hesitate if you have further questions.

 

Best,

