fleet/server/mock
Nico 5196521586
Delete Fleet users when deleted from IdP: Server changes for SCIM handling of deletion (#38321)
**Related issue:** Resolves #38087 

More context:
https://fleetdm.slack.com/archives/C084F4MKYSJ/p1768336339026999 and
https://fleetdm.slack.com/archives/C084F4MKYSJ/p1768512354275959.

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually

### Okta

NOTE: Okta does not send `DELETE` requests when deleting a user.
Therefore, we decided to perform Fleet user deletion when the
deactivation happens (`PUT` request).
There's an edge case where a `deactivated` user in Okta is `activated`
back again: Okta sends a `POST` request as if a new user was created --
due to this I added an extra check on the `UserHandler Create` function
so that we don't attempt to create a duplicate SCIM user and instead
replace the existing record (basically, the only change should be
`active=0` -> `active=1`).

What I tested:

- [x] Deactivating a user in Okta switches the `scim_users` record to `active = 0` and deletes matching `users` records.
- [x] Activating a deactivated user in Okta switches the `scim_users` record to `active = 1`. Note that a `users` record is not created automatically. For this, there are two alternatives that we'll mention in the documentation:

1. Manually create a user from the **Users page**.
2. Log in to Fleet using SSO (must have SSO and the **Create user and
sync permissions on login** setting enabled). Note that an activation
email is sent and the user must provide a new password, or an admin in
the Okta dashboard can set up a one-time password and share it with the
user.


https://github.com/user-attachments/assets/5262a581-41f0-4a88-aa73-40768064f8f5
2026-01-19 11:35:42 -03:00
digicert Hydrant CA Feature Branch (#31807) 2025-09-04 12:39:41 -04:00
mdm Cloudfront signing for in-house apps (#37650) 2026-01-05 16:30:31 -05:00
mockimpl Add new datastore method, validate when setting manual agent install (#32815) 2025-09-18 13:03:51 -04:00
mockresult Move external dependency mockimpl to monorepo (#15863) 2024-01-10 11:46:24 -03:00
nanodep Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
scep Add backend support for Smallstep CA (#32872) 2025-09-25 10:03:36 -05:00
service Delete Fleet users when deleted from IdP: Server changes for SCIM handling of deletion (#38321) 2026-01-19 11:35:42 -03:00
software Cloudfront signing for in-house apps (#37650) 2026-01-05 16:30:31 -05:00
datastore.go remove println and fix datastore mock generator (#34305) 2025-10-15 17:22:51 -03:00
datastore_installers.go update mockimpl version to allow concurrent mock calls (#9989) 2023-02-21 16:36:06 -03:00
datastore_mock.go Delete Fleet users when deleted from IdP: Server changes for SCIM handling of deletion (#38321) 2026-01-19 11:35:42 -03:00
datastore_users_helpers.go Add support for context in datastore/mysql layer (#1962) 2021-09-14 08:11:07 -04:00
errors.go Remove unneeded interfaces (#1779) 2021-08-24 18:49:56 -03:00
service.go Add new datastore method, validate when setting manual agent install (#32815) 2025-09-18 13:03:51 -04:00