Add Capability to Force-Delete SCIM-Provisioned Users or Groups | Feature Requests | harness

Add Capability to Force-Delete SCIM-Provisioned Users or Groups

under review

Evergreen Iguana

Currently, when a group exists in both Azure AD and Harness, but certain users are found only in Azure AD, forcing provisioning from Azure AD fails. This occurs because Azure identifies the user as already present, even though it is not in Harness. We propose a feature to enable account administrators to force-delete users or groups that were provisioned via SCIM. This functionality would allow for a clean refresh of data from Azure AD, resolving synchronization issues without manual intervention.

January 2, 2025

Visiting Puffin

I second the need for a way to delete SCIM created groups in Harness. Currently, I am stuck with a group provisioned through Azure, with no way to delete it through the UI. I assume I may have more luck using the Harness API to delete this but it would be much more preferred to have Azure automatically clean the group up after it is removed from the list of azure groups in the enterprise application.

There's an underlying resource group for each of our user groups in Harness that determines the scoped projects that team has access to. So after I remove them in Azure; their user group, resource groups, and access are all persisting. I don't necessarily need to clean up the resource group but if I'm not in the Azure group list I shouldn't be able to access Harness via SSO.

Prateek Mittal

marked this post as

under review