Group Sync: Provide alert when last group link is removed from subgroup

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

When a group owner removes the last group link on a group/subgroup, it would be helpful to provide a message to alert them that the removal of the last link can result in elevated group roles persisting.

Our documentation is clear that Group Sync will stop managing group membership when the last link is removed, however it could be easily overlooked with significant risk to an organisation as a result.

• If a SAML group link is created then removed, and there are:
  • Other SAML group links configured, users that were in the removed group link are automatically removed from the group during sync.
  • No other SAML group links configured, users remain in the group during sync. Those users must be manually removed from the group.

Related ticket: https://gitlab.zendesk.com/agent/tickets/534011

Proposals:

1. A pop up 'alert' for the Owner who removed the last group link
2. An email to all group owners so they can manually remove any elevated roles if required
3. Could we prompt: 'Do you want to remove roles elevated through this last Group Link?' and if the answer is yes, an empty group link be assigned automatically to the group that will result in the removal of the elevated permissions on next login.