Hello,
We are using Zabbix 6.4 and we have implemented SAML with JIT and SCIM, as you can see in the image below:
JIT is working fine; all the users are automatically provisioned according to the User group mapping in Zabbix, and the username is correctly assigned as user.userprincipalname from Azure.
But now, something unexpected happens when a deployed user tries to log in with single sign-on:
The user instantly gets deprovisioned by having the role and group that were just added removed, and the user is moved to the Disabled group.
This only happens with users that are provisioned automatically by the IdP. Users that we created manually by setting the user.userprincipalname as Name can use single sign-on without any problems.
Maybe someone can give us a hint about what we should look for? Thank you very much for your reply!
We are using Zabbix 6.4 and we have implemented SAML with JIT and SCIM, as you can see in the image below:
JIT is working fine; all the users are automatically provisioned according to the User group mapping in Zabbix, and the username is correctly assigned as user.userprincipalname from Azure.
But now, something unexpected happens when a deployed user tries to log in with single sign-on:
The user instantly gets deprovisioned by having the role and group that were just added removed, and the user is moved to the Disabled group.
This only happens with users that are provisioned automatically by the IdP. Users that we created manually by setting the user.userprincipalname as Name can use single sign-on without any problems.
Maybe someone can give us a hint about what we should look for? Thank you very much for your reply!
Comment