Automatically add/remove users in Fleet when they're added/removed in my IdP

[noahtalerman]

Goal

User story
As a security engineer, who noticed that the IT team got Fleet or is expanding its use,
I want automatic user deletion/creation so that when someone w/ an account in Fleet leaves/joins and we remove/add them in Okta
so that there’s not a dangling Fleet admin account (JIT, SCIM).

Context

• Product designer: @randy-fleet

Original request: #15671

Changes

Product

• [ ] UI changes: TODO
• [ ] CLI (fleetctl) usage changes: TODO
• [ ] YAML changes: TODO
• [ ] REST API changes: TODO
• [ ] Fleet's agent (fleetd) changes: TODO
• [ ] Activity changes: TODO
• [ ] Permissions changes: TODO
• [ ] Changes to paid features or tiers: TODO
• [ ] Other reference documentation changes: TODO
• [ ] Once shipped, requester has been notified

Engineering

• [ ] Feature guide changes: TODO
• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[noahtalerman]

Hey @randy-fleet I peeled this user story off the the customer request here and assigned you, and added it to the current design sprint.

I don't know yet if there's much new UI to design here. I'm hoping we can use the existing fields and checkbox we already have on the Settings > Organization settings > SSO page:

I think the first task is documenting what the user journey/flow looks like for setting this up w/ Okta/Google Workspace and other third-party apps.

This will help us understand what we have to design/build in Fleet.