In the Azure/Twingate Portal (Azure Portal → Enterprise Applications → Twingate), there are only 2 users listed, but the Twingate console lists 5 users.
The Twingate console won’t let me remove these users, and I can’t find anything in the Azure Portal to even suggest that these extra users should be able to access Twingate.
How can I remove these extra users ?
–
Edit/Addition:
Not sure if it’s relevant, but I just noticed on the Twingate console that the last user sync with Azure was 2 months ago, but Azure says the last sync was 4 minutes ago and repeats every 40 minutes.
Ran into this as well today - seems to be that the duplicate user gets created when the user adds their device? I’m seeing the originally synced user without any devices listed and then the duplicate without and email address but a device.
Edit/Addition:
The Twingate user docs say this on removing users:
Users are automatically synchronized from your Identity Provider and cannot be modified in the Twingate Admin Console. Any changes to users—for example, creation or deactivation—are received directly from your configured IdP via SCIM and will update Twingate immediately.
I think the issue to address is why those duplicates are being synced from the IdP - will be trying some scenarios based on the device addition theory and provide any findings.
I’ve got my IdP team looking into what might be going on with both scenarios.
First thing - we currently bill based on active users, so if you’ve got 100 users in your dashboard but only 10 of them are actively logging in to the client and accessing resources, you only get billed for 10.
That being said, if either of you want to email me at arthur(at)twingate.com with your tenant slug and the particular users you’d like deleted, I can take care of it manually for now.
Your mention of active users is a detail I’ve been hoping to find about Twingate, and this is the first reference to it I’ve seen.
Is there a public definition of “active”? I ask this because I have subscription services that work similarly, counting “engaged” users, where “engagement” has a defined meaning. It’s possible for them to do read-only actions, but content modification moves them into a billable category.
So for Twingate, is it “any use at all in a month” = active?
