Staying InvolvedIt takes about 40 minutes once the user is deleted from from the IDP. Are there any other options for disabling a SCIM user?
My thought was to create a WAN firewall rule to deny the user access until the scim update happens.
Currently user are setup for split tunneling so I wouldnt need an Internet FW rule but if split tunneling was not in place then I would create a rule here as well.
Making ConnectionsYes that's correct. User can directly re-connect as long its still enabled on IdP. But for urgent cases, normally you reset password, revoke sessions there or disable user also on IdP.
Staying InvolvedI thought about reset password, but I would think user would just create a new one.
Making ConnectionsIf you have to block access for a user immediately, you also can do a "Revoke Session" over Cato Portal plus disable the account on IdP side. It takes 1-2min until Cato User session is not active anymore.
Staying InvolvedYes, I am aware of Revoke Session. But wouldnt that just be temporary? Wouldn't the user just be able to re-connect?
