Hi. We have linked the PagerDuty API to our AD system via an automated provisioning pipeline. We often see issues (particularly around change of role, promotions etc) where a user loses the required AD permissions to be granted access to PagerDuty. This has the result of removing them from PagerDuty, at least until the permissions are granted again. At that point we can re-add them, but from PD’s point of view, it’s a new user, with lost preferences etc and that needs to be massaged back into shape, by re-adding to teams, schedules and so forth.
Fully acknowledging that the root cause of this issue is within AD, is there a reason that there is no “deactivated” state for a PD user account? This would greatly assist us in restoring service when there is a mistake in the upstream system