Consolidating group membership fragmentation in Directory Sync
Identity Providers implement the SCIM protocol in subtly different ways, leading to potential vulnerabilities. We’ve mitigated this by taking a standardized approach to handling group membership events like deactivation, suspension, and reactivation.
To ensure consistent behavior across SCIM providers and reduce potential vulnerabilities, all users that are updated to “suspended” state will now result in a deletion of that user’s group memberships. You can find more details in our recent blog post.