You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An identity can be disabled using the identity disable endpoint, but an identity can't be created in an initially disabled state. This forces clients that want to setup a disabled identity to first create it enabled and then disable it in a second request. If there's any issue between the create and disable request, its possible that the identity is left enabled, which may be a violation of the client's security policies.
This use case (creation of disabled identities) exists in provisioning integrations, like SCIM, which are responsible for provisioning identities in ziti based on some other system, typically an IdP. Many IdPs support the notion of users being active or not. SCIM as a protocol has a disabled property on the user.
The text was updated successfully, but these errors were encountered:
An identity can be disabled using the identity disable endpoint, but an identity can't be created in an initially disabled state. This forces clients that want to setup a disabled identity to first create it enabled and then disable it in a second request. If there's any issue between the create and disable request, its possible that the identity is left enabled, which may be a violation of the client's security policies.
This use case (creation of disabled identities) exists in provisioning integrations, like SCIM, which are responsible for provisioning identities in ziti based on some other system, typically an IdP. Many IdPs support the notion of users being active or not. SCIM as a protocol has a disabled property on the user.
The text was updated successfully, but these errors were encountered: