SCIM Block/Unblock for Enterprise Users
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Release notes
Problem to solve
Customers in our SaaS environment want to be able to fully remove access for users that are not part of their group anymore. Today users can be removed from their group but those users can still access our SaaS instance. This is problematic for security-minded organizations since they don't want to take any risks that that account could access potentially sensitive information in their personal namespace or public projects owned by their organization.
Proposal
Instead of removing users from the group using SCIM, also Block them. If a user re-joins the group, they will need to be unblocked too. We should only give this configuration option to Enterprise Users (aka the ones created by SCIM or SAML).