Identity Management
Last Updated: April 07, 2026
When you connect an identity provider, Vasion assigns a unique identity to each individual who accesses the application.
Identities authenticate through multiple methods:
- Local: Created manually within Vasion Automate or Virtual Appliance.
- IdP: Managed through third-party identity services like Okta, Entra ID (Azure AD), Google Identity, etc.
- LDAP Domain: Synchronized from directory services.
The unified login experience allows identities to be recognized across both Virtual Appliance and Vasion Automate.
Vasion cannot remove provisioned users from a customer's database for security and compliance reasons. There are a few options admins can use to remove users individually or in bulk from their instance. Details on both methods are included below.
Individual Users
How you access users' individual identities depends on how your instance is configured. An instance with a single IdP configured displays the Identities screen, while an instance configured with multiple IdPs displays the Identity Management screen.
To access the identities, go to Tools > Identities or Tools > Identity Management, depending on your instance setup.
Identities
Identities displays the following user details in a table format:
- Name: Displays the user's name as defined by the First Name and Last Name fields in the IdP or local user record.
- Username: Displays the username, which is defined by the IdP or local user record.
- Source: Displays the IdP source, such as Entra ID (Azure AD), Okta, etc. If the user was added manually as a local user, the source displays vasion.
- Groups: Displays group associations for the user as assigned in the IdP.
Identity Management
The screen displays the following for each user in a table:
- User ID: This ID is a unique number assigned to the user by the IdP. A user provisioned from multiple IdPs has multiple User IDs associated with their Identity ID. Expanding the User ID displays user information that is specific to the fields configured in the IdP, for example First Name, Last Name, Email, Manager, etc.
- Linking Attribute: Identifies which attribute (username, email, etc.) in the IdP creates the association with the Identity ID.
- Linking Attribute Value: Displays the attribute value used to link multiple User IDs to a common Identity ID.
- Associated Users: Displays the number of User IDs associated with the Identity ID.
Delete Individual Users
You can use the Identities and Identity Management tabs to delete individual users from your database. This action only removes users from the instance database and not from your IdP. Do the following to delete a user from your database:
Bulk Removal
LDAP Users
Do the following to remove all LDAP users and groups:
- In the Admin Console, select Tools > Settings > General.
- In the Identity Provider Settings section, select LDAP.
- In the LDAP Sync section, select the Delete Provisioned LDAP Data option.
- Enter "DELETE" in the text field.
- Select Delete.
This action deletes all LDAP users and groups from the database for all configured Active Directory domains and requires you to provision them again. You cannot undo this action.
The Role-Based Access Control (RBAC), portal security, and printer deployment rules associated with these users and groups continue to function unless you delete them.
IdP Users
There are three actions for bulk IdP user management:
- Deactivate All Users: This action deactivates all users for the selected IdP. Restart the sync to enable the users again.
- Delete Provisioned Data: This action deletes all IdP users and groups from the database for the selected IdP. This action also removes all RBAC, portal security, and printer deployment rule associations for the users and groups; they must be provisioned again to be available for use.
- Delete IdP Groups: This action deletes all IdP groups from the database for the selected IdP. This action also removes all RBAC, portal security, and printer deployment rule associations for the groups; they must be provisioned again to be available for use.





