Problem

Teams who use an identity provider, such as OKTA, will want to manage users directly via that platform. While a user in their IDP org can sign up on Coder with OIDC and be automatically provisioned as a user, they cannot be automatically removed from Coder if they are removed in the IDP.

Definition of Done

Admins should be able to remove a user in their IDP (that is connected to Coder via OIDC and SCIM) and have the user automatically be deprovisioned in Coder. This avoids them needing to remove the user in two separate places.

This should be a paid enterprise feature.