Users are automatically enrolled on first login once SAML is connected with your Identity Provider.
Currently Any changes to users after enrollment, for example, creation or deactivation are not synced directly from your IdP to Axiom. (deactivation user won't be able to login into Axiom as the IdP won't allow it)
Identity provider Sync will be available soon!
When added to Axiom, Users are assigned with the “Global Requester” Default Scope, and are exposed to request access on all Resources (Unless Default scope is modified to contain specific Resources).
Users can be later specifically assigned to any scopes desired and take out of the Default Scope.
Tenant Admin
Axiom Tenant Admins, Can be promoted and demoted only from this page.
Tenant Admin users have full read and write capabilities across the entire Platform.
When a User is promoted to Tenant Admin, he will be visible also in the "Global Admins" System Scope
