SCIM Support for Gerrit

Sachidanand Patil

Jan 18, 2022, 2:13:30 AM
to Repo and Gerrit Discussion
Hi,

Our organization is in the process of migrating our Gerrit instances (40+) to MS Azure AD using SAML.
Everything works perfectly except user (mainly deactivation) and group membership sync. This is a big security concern when using access tokens for scripts/automation.

When a user leaves the organization, the user object gets removed from MS Azure AD but it remains in Gerrit. Of course the user cannot log in to the UI, but if he/she had created an access token then he/she can still access the code as long as the token is valid.

Secondly, when we remove a user from any MS Azure AD group, his/her membership of that group remains as it was before until he/she logs in after the access revocation.
So if the user does not log in to the UI after removal from a particular Azure AD group, he/she can still access the code using an access token through scripts/automation.

I guess SCIM in MS Azure AD is the solution to these problems, but tools should have support for SCIM. I believe Gerrit does not have any support for SCIM.
Can you please confirm if there is any support or plugin available for SCIM support in Gerrit? Otherwise, it would be really nice to have the support.

Also, can you please suggest any other workarounds to address these issues?

Please feel free to reach out to me on +46 767548615 (same for WhatsApp) for more details or queries.

Awaiting the response!

Thanks & Regards,
Sachi
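
One workaround for the deactivation gap described in the post, as an added example that is not part of the original message or of the Gerrit project: a periodic job that compares Gerrit's active accounts with the identity provider's user list and plans calls to Gerrit's REST endpoint `DELETE /a/accounts/{id}/active`. The IdP export, host name, account data and exempt list are constructed assumptions; how the Azure AD user list is obtained is left outside the example.

```python
import base64
import json
import urllib.request

XSSI_PREFIX = ")]}'"  # Gerrit prepends this line to every JSON response


def parse_gerrit_json(body: str):
    """Strip Gerrit's XSSI guard line and decode the JSON payload."""
    body = body.removeprefix(XSSI_PREFIX)
    return json.loads(body)


def plan_deactivations(gerrit_accounts, idp_active_emails, exempt_ids=()):
    """Return (to_deactivate, needs_review) lists of Gerrit account ids."""
    idp = {e.strip().lower() for e in idp_active_emails if e.strip()}
    if not idp:
        # An empty export usually means a failed sync; never deactivate everyone.
        raise ValueError("IdP user list is empty; refusing to plan")
    to_deactivate, needs_review = [], []
    for acct in gerrit_accounts:
        acct_id = acct["_account_id"]
        if acct_id in exempt_ids:
            continue  # e.g. CI/service accounts that never exist in the IdP
        email = (acct.get("email") or "").lower()
        if not email:
            needs_review.append(acct_id)  # cannot be matched; do not guess
        elif email not in idp:
            to_deactivate.append(acct_id)
    return to_deactivate, needs_review


def deactivation_request(base_url, account_id, admin_user, admin_http_password):
    """Build (not send) DELETE /a/accounts/{id}/active for an admin caller."""
    cred = f"{admin_user}:{admin_http_password}".encode()
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/a/accounts/{account_id}/active", method="DELETE")
    req.add_header("Authorization", "Basic " + base64.b64encode(cred).decode())
    return req


# Constructed sample of GET /a/accounts/?q=is:active&o=DETAILS output.
SAMPLE_BODY = ")]}'\n" + json.dumps([
    {"_account_id": 1000001, "name": "Alice", "email": "Alice@example.com"},
    {"_account_id": 1000002, "name": "Bob", "email": "bob@example.com"},
    {"_account_id": 1000003, "name": "CI Bot"},
    {"_account_id": 1000004, "name": "Jenkins", "email": "jenkins@example.com"},
])
IDP_ACTIVE = {"alice@example.com"}  # constructed stand-in for an Azure AD export
```

Sending each planned request with `urllib.request.urlopen` requires an account allowed to modify other accounts; the example only builds the requests so the plan can be reviewed first.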
