Behavior when removing direct binding from resource in User details:
- Systems - The user is disabled/suspended within the OS. No user data is changed or removed from the filesystem. If the user is also a member of a group bound to the system, the relationship will persist until group membership is also removed.
- Mac - The account will be put in a suspended state and will no longer show the user in 'Users and Groups' System Preferences The user's home directory is unaffected.
- Windows - In Local Users and Groups, the account will be marked disabled and group membership will be revoked. The user's directory is unaffected.
- Linux - The password is locked by prepending a ! to the password in /etc/shadow, equivalent to passwd -l and any authorized keys are removed from the system.
- SSO Applications - The SSO application icon will remain in the User Console, but the user will not be able to authenticate with SAML workflows. Existing sessions may remain active until logout or session timeout.
- RADIUS - Users will no longer be able to authenticate via RADIUS. Existing sessions may remain active until logout.
- GSuite* - The user will be suspended and placed in the Suspended users group within the Google Administrator Console. Google typically expires existing sessions on all devices within a few minutes.
- Office 365* - The user will be disabled within the Office 365 Administrator Console. Microsoft typically expires existing sessions within a few minutes.
- JumpCloud LDAP* - The user will no longer be able to authenticate via LDAP, or exist in the LDAP instance. Existing session behavior will be subject to the functionality of the application being used.
Group of Users Bindings
Behavior when removing binding from resource Group of Users:
- Systems, SSO Applications and RADIUS - All users in the group will be have access revoked in the manner explained for direct binding above.
- GSuite*, Office 365*, JumpCloud LDAP* - All users in the group will be have access revoked in the manner explained for direct binding above. Groups unbound from LDAP will no longer be presented in the LDAP instance.