cloudbeaver icon indicating copy to clipboard operation
cloudbeaver copied to clipboard
verified publisher icon dbeaver

SAML - users not deleted

Open Vormillion opened this issue 9 months ago • 2 comments

Hi,

We are using SAML for SSO with Azure AD. We can't use Azure AD integration as it fails if user has more than 100 groups in AD.

Everything works fine with SAML but Cloudbeaver is not contacting Azure to check if existing users in configured Azure groups (CB Teams) are still present in Azure.

As a result, if user accessed CB one time, when he was added in proper AD group, then he will be visible in CB as active user forever, doesn't matter if user was deleted from allowed group or was fully removed from AD.

Vormillion avatar May 28 '25 14:05 Vormillion

Hi @Vormillion Thank you for the report. We will add unmapping from CB groups when a user is removed from a group by the provider.

Just to be clear. Do you mean removing user from all AD groups?

was fully removed from AD

EvgeniaBzzz avatar May 29 '25 09:05 EvgeniaBzzz

Hi,

So there are two cases when CB should delete user or mark is as disabled.

  1. User is fully deleted from AD.
  2. User is deleted from AD group(s) which is allowed in CB.

Vormillion avatar Jun 02 '25 13:06 Vormillion