Use SCIM 2.0 to automatically provision and soft-delete users

Created by: sfllaw

Feature request description

Sourcegraph supports multiple user authentication methods which automatically provision new users when they first login.

However, it does not automatically deprovision or delete users when they have been removed from an upstream Identity Provider (IdP). This is because support for System for Cross-domain Identity Management (SCIM) has not been implemented.

This feature request is to support SCIM 2.0 so that users are automatically soft-deleted when they are disabled in the IdP.

Is your feature request related to a problem? If so, please describe.

We need to regularly soft-delete users who are no longer with our company, so that the number of user licenses used does not grow beyond what we have contracted. This manual administrative process is time-consuming and distracting.

Describe alternatives you've considered.

If we didn’t soft-delete these users, we would have to negotiate with your sales team about licensing users that don’t exist, which is an awkward and silly topic to waste time on.

Additional context

Most of the other services we use support deprovisioning, for example GitHub Enterprise.