Behavior when removing a direct binding from a resource in User details:
- Systems - (The system endpoint must be active for the following to occur, else the changes will be delayed until it becomes active.) The user is disabled/suspended within the OS. No user data is changed or removed from the filesystem. If the user is also a member of a group bound to the system, the relationship will persist until group membership is also removed.
- Mac - The account will be put in a suspended state and will no longer show the user in 'Users and Groups' System Preferences The user's home directory is unaffected.
- Windows - In Local Users and Groups, the account will be marked disabled and group membership will be revoked. The user's directory is unaffected.
- Linux - The password is locked by prepending a ! to the password in /etc/shadow, equivalent to passwd -l and any authorized keys are removed from the system.
- SSO Applications - The SSO application icon will be removed from the User Console, and the user will not be able to authenticate with SAML workflows. Existing sessions may remain active until Service Provider logout or session timeout.
- RADIUS - Users will no longer be able to authenticate via RADIUS. Existing sessions may remain active until logout.
- GSuite* - The user will be suspended and placed in the Suspended Users group within the Google Administrator Console. Google typically expires existing sessions on all devices within a few minutes.
- Office 365* - The user will be disabled within the Office 365 Administrator Console. Microsoft typically expires existing sessions within a few minutes.
- JumpCloud LDAP* - The user will no longer be able to authenticate via LDAP, or exist in the LDAP instance. Existing session behavior will be subject to the functionality of the application being used.
User Group Bindings
Behavior when removing a User Group binding from a resource:
- Systems, SSO Applications, and RADIUS - All users in the group will have access revoked in the manner explained for direct binding above.
- GSuite*, Office 365*, JumpCloud LDAP* - All users in the group will have access revoked in the manner explained for direct binding above. Groups unbound from LDAP will no longer be presented in the LDAP instance.