User provisioning
Learn about user provisioning and deprovisioning in Opal.
Opal supports automatic user provisioning and deprovisioning for some integrations. Feel free to reach out to request user provisioning or deprovisioning on additional integrations.
User provisioning
User provisioning is triggered when users are granted access to a group or resource in Opal, or from the POST /users endpoint for custom connections. When provisioning is enabled on an integration, users are created in the end system if they don't already exist.
Provisioning is supported in the following integrations:
- Custom Connectors
- Snowflake
Enable user provisioning when you edit a connection. For example, on custom connectors, use the Provision custom connector accounts setting.
User deprovisioning
User deprovisioning deactivates a user in an end system. For custom connectors, you should implement the DELETE /users/{user_id} endpoint to deactivate your users.
When enabled, user deprovisioning is triggered:
- Manually, by selecting a user in Inventory > Accounts for the connection
- In access reviews, when access is revoked
- When a user is deprovisioned in an IdP/HRIS
Deprovisioning is supported in the following integrations:
- Custom Connectors
- Okta
- Duo
- Google Workspace
- Salesforce
- Pagerduty
Enable user deprovisioning when you edit a connection. In the custom connector example, use the Deprovision custom connector accounts setting.
Updated about 13 hours ago