I'm having SCIM Provisioning Issues with Teams and Users.
Please see below notes:
- Ensure that you have assigned users or groups to the SAML application.
- When you invite a user from the identity provider or assign a user into a group that has been provisioned, the IdP will send the request to Keeper to either invite a user to join, or to add a user to a team, or to create a team.
- If the user does not exist yet in Keeper, they will receive an invite to sign up (or they can use just-in-time provisioning)
- After the user has created their Keeper account, the user will not yet be assigned into a Keeper team until one of a few things happen: (a) Admin logs into the Admin Console > Click on "Full Sync" from the Admin screen (b) A user from the relevant team logs into the Web Vault or Desktop App (c) Admin runs team-approve from Keeper Commander The reason that teams and users can't be created instantly via SCIM, is due to the encryption model and the need to share a private key between users. Sharing an encryption key (e.g. Team Key) can only be performed by a user who is logged in, and has access to the necessary private keys.
Note: We are currently in development of automation tools to assist in the instant approval of Teams and team assignments. We'll post updates when this is available.