Sign in to submit new ideas and vote
Get Started

Update Okta SCIM Connector to Deactivate instead of Delete SmartSheet Users

rwood
rwood ✭✭
in Smartsheet Product Feedback & Ideas

Currently, when integrating SmartSheet with Okta and leveraging SCIM provisioning, the "Deactivate Users" feature on the Okta side will Delete the user's SmartSheet account, even if they are licensed and own sheets. This is problematic for automation purposes and results in pain from both security & user experience perspectives.

Now that SmartSheet has the Deactivated status, can the OIN (Okta Intergration Network) SmartSheet app be updated to Deactivate users instead of Delete them, whenever SCIM functionality is setup between Okta & SmartSheet, and the Deactivate Users functionality is enabled? See below, how we have Deactivate Users turned off otherwise folks get deleted in SmartSheet whenever they are unassigned from the app, or their Okta account is deactivated:

image.png

More info can be found here: Smartsheet Provisioning (okta.com), specifically:

image.png

Thanks!

Share on FacebookShare on Twitter
6
Up
6 votes

Idea Submitted · Last Updated

Comments

  • kenny_d_23
    kenny_d_23 ✭✭

    This is causing us significant issues in offboarding users meaning without the workaround of disabling user deactivation for our instance we have to setup leavers again to transfer the content prior to deactivating manually now.

    · Share on FacebookShare on Twitter
  • rheavner
    rheavner ✭✭

    +1 on this. We are also building similar work arounds because of this behavior. We need the Smartsheet accounts to be deactivated to allow for sheets to be transferred after a person as left the company.

    · Share on FacebookShare on Twitter
  • sdionne
    sdionne ✭✭

    +1 on this as well. We can't use Okta automatically offboarding the user.

    · Share on FacebookShare on Twitter
  • Sebastien Grondin
    Sebastien Grondin ✭✭✭

    +1 also

    · Share on FacebookShare on Twitter
  • pcookhayboo
    pcookhayboo ✭✭

    +1 to this. I've had to use Okta Workflows to do what Okta provisioning normally would and even then, I still have to login and manually transfer sheets.

    · Share on FacebookShare on Twitter
  • mldelsasser
    mldelsasser

    +1 for this
    I did the same thing. I had to disable the native 'deactivate users' in the provisioning window and create a custom workflow to disable the user so it didn't delete them. (Since SS has added that disabled users are deleted after 7 days, which does throw another wrench in there and requires checking and moving their documents before that time period is up.)
    Problem is this also prevents return employees from being re-provisioned properly, and I can't find a API equivalent to 're-invite to tenant' to do a custom workflow.
    Anyone have any updated comments or suggestions on this thread?

    · Share on FacebookShare on Twitter

Categories