If you've configured automated user provisioning for a SAML cloud application, you can see the number of users created, suspended, and deleted within the last 30 days, as well as any provisioning failures, on the app's profile page. When autoprovisioning is on, users are synced every few hours.
In the Admin console, go to Menu AppsWeb and mobile apps.
- Click a SAML cloud application that shows Autoprovisioning On in the Details column.
- Under Autoprovisioning, the number of users created, suspended, and deleted in the last 30 days is shown, as well as the number of provisioning failures.
The top of the Autoprovisioning section shows auto-provisioning status:
- Active — Autoprovisioning is on and running. User accounts will be created in the target application for all the applicable users based on the Organizational Units for which the application is selected and any additional groups to which provisioning is restricted. After that, whenever any changes are made to a user in Google Cloud Directory, relevant changes are made to the user account in your target application.
- Inactive — Autoprovisioning is inactive. No changes are made to users accounts in your target application in this state. Note: Deactivating auto-provisioning may take up to 15 minutes to take effect.
Before activating autoprovisioning, make sure to configure mandatory user attributes, attribute mappings, and any needed provisioning scopes. Also consider any licensing implications for your application.
- Do one of the following:
- Under Autoprovisioning, click the activation slider.
- Click in the Autoprovisioning section to open the settings page, then click Status > Turn on or Turn off.
- In the confirmation box, click Turn on or Turn off.
Note: Deactivating autoprovisioning doesn't remove users already created on your target application.
Before it can start working, automated user provisioning needs the target application to authorize Google to create and update user accounts in the app. As the administrator of the target app, you give this authorization during initial autoprovisioning setup.
However, after initial setup, authorization can sometimes be revoked. This may happen due to inactivity, a password change on the app's admin account, or for other reasons. If so, you'll need to reauthorize to get autoprovisioning started again.
For instructions, see the Reauthorization section in your app's autoprovisioning article.
Here's the effect on automated user provisioning when a target application is enabled:
Single sign-on (SSO) gets turned on for the target application. If the provisioning status is ON, provisioning continues and accounts are created in the target application for applicable users based on the Organizational Units (OUs) for which the application is turned on and any additional groups to which provisioning is restricted. If the provisioning status is OFF, there's no change in the status of accounts on the target application.
Here's the effect on automated user provisioning when a target application is disabled:
SSO is turned off for the target application. If the provisioning status is ON, provisioning continues and all Cloud Directory users previously created in the target application will be removed. If the provisioning status is OFF, there's no change in the status of accounts on the target application.