User provisioning

User provisioning
User deprovisioning

Opal supports automatic user provisioning and deprovisioning for some integrations. Feel free to reach out to request user provisioning or deprovisioning on additional integrations.

User provisioning is triggered when users are granted access to a group or resource in Opal, or from the POST /users endpoint for custom connections. When provisioning is enabled on an integration, users are created in the end system if they don’t already exist. Provisioning is supported in the following integrations:

Custom Connectors
Snowflake

Enable user provisioning when you edit a connection. For example, on custom connectors, use the Provision custom connector accounts setting.

User deprovisioning

User deprovisioning deactivates a user in an end system. For custom connectors, you should implement the DELETE /users/{user_id}endpoint to deactivate your users. When enabled, user deprovisioning is triggered:

Manually, by selecting a user in Inventory > Accounts for the connection
In access reviews, when access is revoked
When a user is deprovisioned in an IdP/HRIS

Deprovisioning is supported in the following integrations:

Custom Connectors
Okta
Duo
Google Workspace
Salesforce
Pagerduty

Enable user deprovisioning when you edit a connection. In the custom connector example, use the Deprovision custom connector accounts setting.

Custom Opal roles Create Access Reviews

⌘I

Welcome

Getting Started

Access Management

Auditing and Security

Custom Integrations

For Developers

User provisioning