Expand my Community achievements bar.

Latest Community Ideas Review is Out: Discover What’s New and What to Expect!

Is there a way to see what users no longer have SSO access?

Avatar

Level 9

If a user has their SSO access removed due to termination in the company, I know it removes their ability to access Workfront. However, we do not always receive notification that a user has left the company. Is there a text mode or something of the sort that will show if the previously linked SSO profile is now null/inactive?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

2 Replies

Avatar

Level 4

I don't think that's possible as SSO and WF don't exchange user information on a regular basis. Simplified, a user entering WF is redirected to SSO, is identified and returns to Workfront with his credentials attached and then Workfront checks if those credentials match a profile. Consequently, there is no exchange if a user doesn't enter Workfront.

You could consider three options:

a) Create a report of users who haven't been on WF for a long time (and then manually check in your system why)

b) Play around with the "update users for SSO" functionality in the setup (I unfortunately have no experience with it)

c) Use Fusion or the WF API to connect to your company's employee register and trigger the deactivation of the WF user if he/she cannot be found.

By the way, based on our data privacy evaluation, the access to WF is only blocked for a former user if you check the "SSO only" option - otherwise the users could still get into WF with a password.

Avatar

Level 9

This is a filter I use in the People tab. Our Admins are able to get in without SSO so I filter them out.0694X00000ArgzjQAB.png