mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-18 02:04:06 -05:00
[GH-ISSUE #24501] feat: Allow deactivation when deprovisioning through SCIM #107312
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @jeppevinkel on GitHub (May 9, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24501
Check Existing Issues
Verify Feature Scope
Problem Description
When a user is de provisioned through SCIM currently, they are just deleted from Open WebUI along with all history related to their chats.
This is a very destructive action that can be undesired in certain cases where it might be necessary to restrict access while auditing, or in cases where a user might be temporarily removed, to be reinstated later.
Desired Solution you'd like
A solution to this would be an option to make SCIM only soft delete or deactivate the user account so that it's possible to either reactivate it or manually delete it at a later date.
If account deactivation is complicated to implement, it could also possibly just set the account to the "pending" role.
Alternatives Considered
No response
Additional Context
No response
@owui-terminator[bot] commented on GitHub (May 9, 2026):
🔍 Related Issues Found
I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions:
🟣 #1695 bug: Account Activation Pending can be bypassed by setting
This is related because it involves the 'pending' account state mentioned as a possible fallback in the SCIM deprovisioning request. It shows how Open WebUI currently handles pending activation and whether that state can be used instead of deleting users.
by JoeABCDEF
🟣 #17969 issue: Default User Role resets after redeploy or few minutes
This is somewhat related because the requested feature explicitly mentions setting deprovisioned users to the 'pending' role if deactivation is hard. This issue covers problems with the default pending/user role behavior, which is adjacent to the proposed workaround.
by aimendenche-nw ·
bug🟣 #15671 issue: active directory users can't delete chats (or chat folders)
This is related because it concerns directory-managed users and deletion permissions in Open WebUI. While it is about chat deletion rather than account deprovisioning, it touches the same enterprise/auth integration area and destructive delete behavior for external-directory users.
by mmars13 ·
bug💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead.
This comment was generated automatically. React with 👍 if helpful, 👎 if not.
@jeppevinkel commented on GitHub (May 9, 2026):
None of those issues are related.