Unintended user sync between Azure AD and ServiceDesk Plus Cloud

Unintended user sync between Azure AD and ServiceDesk Plus Cloud

Affected Time Frame: ServiceDesk Plus Cloud from April 19, 2022 5:27 AM PDT to April 20, 2022 3:53 AM PDT
 
Fixed at: April 20, 2022 03:53 AM PDT 
 
What happened?
Azure AD User Sync periodically synchronizes an organization's Azure AD users with ServiceDesk Plus Cloud. However, after a recent update, all Azure AD users, including guests and external users, were synced with ServiceDesk Plus Cloud.
 
An invitation mail was sent from ServiceDesk Plus Cloud to the users, asking them to join the organization's service desk portal. This error was due to the failure in setting a default user criteria to skip guest and external users during the sync. 
Impact:
If the users accept the invitation, they would gain access to the organization's service desk with requester access privileges, which includes access to the Service Catalog and the knowledge base.
How to check if you were impacted?
If you have configured Azure AD User Sync and there was an automated sync in the affected time frame, you could be impacted. Therefore, please check for unintended users in the service desk application and delete them. 
 
Follow these steps to check for and delete unintended users:
 
1) Click the Instances icon on the upper left and click ESM Directory.
2) On the right panel, select Users, go to Invited Users, and select all unintended users and delete them manually.
 
If any of the unintended users have already accepted the email invite, you can disable their login and delete them from the requester list view. 
 
1) Click Setup on the upper-right corner and go to the instance configured with Azure AD User Sync.
2) Under Users and Permissions, click Requesters and select the Requesters List View.
3) Select the unintended users, click Actions, and select Delete Requester.
 
You can also disable the users' login by clicking on each user and removing their login permissions. 

At our end, we are working to revoke the invitations to unintended users and also delete users who joined through the invites. We will update this thread when there is more information to share. 
 
Steps to prevent recurrence:
We are working on enhancing our testing process and code review to forsee and prevent such issues in the future.
‚Äč
If you have any questions about the issue or need more assistance in resolving the issue, please contact our support team at support-cloud@servicedeskplus.com

Thanks & Regards,
Sri"Ram" K S
ServiceDesk Plus Cloud