Looking to simplify my power-users' "user management" pages - what are best practices?

We do a similar setup with a seemingly redundant ‘Inactive’ branch to cover the issues of the inactive setting. Our SSO doesn’t bring them back automatically (it is not that fancy) so we do a batch job every morning of all new users, all updated users, all inactive users, etc. which re-activates and updates these users to the right branch.

Sounds like your SSO moves people around normal branches already? So in theory should just work right? Although if they are marked inactive they wouldn’t be able to log in? In theory sounds doable though, definitely worth a couple of test accounts though.

Well, my SSO is feeding branch codes into docebo, which are locked, but I can then move users around and they seem to stay put on subsequent logins, so I suspect it won’t move them around. TBD. I do have a call with Auth0 professional services today and plan to ask.

It does deposit users in the proper branch on first creation via JIT.

No, they would be active but in that dummy folder.

Inactivating users just blocks them from login, right? We already have SSO to do that, so I’m telling people not to inactivate users (since it is pointless and might later cause an issue down the line if someone returns and the training admin doesn’t know about inactivation)

Well, I probably need to define (I’ve been saying this for a while) not just what we call xchangeID (branch code) but docebo_branch-code as a variable in Auth0 to pass in. But yeah once they exist they seem to stay put, it’s just JIT that deposits them in a branch.

Presumably we could set Auth0 on each login to send an API command moving branch in realtime - or just on first login to docebo. That could work.

Or, depending on the flexibility of that API setup...on login check branch of user, if the inactive, update branch. Then your manual moves in other branches remain uneffected.