Removing a user when they are removed from an IdP?
-
Does FusionAuth have any facility for being updated when an integrated IDP (a SAML identity provider or OpenID Provider) removes a user on their end?
-
You would have to add a hook in your IdP to make an API call to delete the user in FusionAuth. However, because the SoR will no longer have this user, the user will not be able to log in via FusionAuth either unless their password is reset.
We have discussed adding support for SCIM which may provide some of these types of features assuming other IdPs also support this standard. This is on the roadmap: https://github.com/FusionAuth/fusionauth-issues/issues/106
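
The hook described in the answer above, sketched as an added example (not part of the original thread and not FusionAuth's own code). The event JSON shape, the `user.deleted` event name, the HMAC signature scheme and all function names are hypothetical assumptions; the FusionAuth calls used are `GET /api/user?email=` and `DELETE /api/user/{userId}`, with the API key in the `Authorization` header.

```python
import hashlib, hmac, json
import urllib.error, urllib.parse, urllib.request

def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 the IdP hook is assumed to send alongside each event."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def http_call(method, url, api_key):
    """Default transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            data = resp.read()
            return resp.status, (json.loads(data) if data else None)
    except urllib.error.HTTPError as err:
        return err.code, None

def handle_idp_event(raw, signature, secret, base_url, api_key,
                     hard_delete=False, call=http_call):
    """Handle one IdP notification; returns an outcome string for logging."""
    # Authenticate the event before acting on it: an unauthenticated
    # deletion endpoint would let anyone remove accounts.
    if not hmac.compare_digest(sign(secret, raw).encode(),
                               signature.encode()):
        return "rejected"
    event = json.loads(raw)
    if event.get("type") != "user.deleted":      # hypothetical event name
        return "ignored"
    # Resolve the FusionAuth user id from the email the IdP reported.
    query = urllib.parse.urlencode({"email": event["email"]})
    status, body = call("GET", f"{base_url}/api/user?{query}", api_key)
    if status == 404:
        return "not_found"                       # already gone: idempotent
    if status != 200:
        return "error"
    url = f"{base_url}/api/user/{body['user']['id']}"
    if hard_delete:
        url += "?hardDelete=true"                # permanent removal
    status, _ = call("DELETE", url, api_key)     # default: deactivate only
    if status != 200:
        return "error"
    return "deleted" if hard_delete else "deactivated"
```

Use a FusionAuth API key restricted to the user retrieve and delete endpoints for this hook, so a leaked key cannot be used against the rest of the API.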