Azure AD User Sync periodically synchronizes an organization's Azure AD users with ServiceDesk Plus Cloud. However, after a recent update, all Azure AD users, including guests and external users, were synced with ServiceDesk Plus Cloud.

 

An invitation mail was sent from ServiceDesk Plus Cloud to the users, asking them to join the organization's service desk portal. This error was due to the failure in setting a default user criteria to skip guest and external users during the sync. 

If the users accept the invitation, they would gain access to the organization's service desk with requester access privileges, which includes access to the Service Catalog and the knowledge base.

If you have configured Azure AD User Sync and there was an automated sync in the affected time frame, you could be impacted. Therefore, please check for unintended users in the service desk application and delete them. 

 

Follow these steps to check for and delete unintended users:

 

1) Click the Instances icon on the upper left and click ESM Directory.

2) On the right panel, select Users, go to Invited Users, and select all unintended users and delete them manually.

 

If any of the unintended users have already accepted the email invite, you can disable their login and delete them from the requester list view. 

 

1) Click Setup on the upper-right corner and go to the instance configured with Azure AD User Sync.

2) Under Users and Permissions, click Requesters and select the Requesters List View.

3) Select the unintended users, click Actions, and select Delete Requester.

 

You can also disable the users' login by clicking on each user and removing their login permissions. 

At our end, we are working to revoke the invitations to unintended users and also delete users who joined through the invites. We will update this thread when there is more information to share. 

We are working on enhancing our testing process and code review to forsee and prevent such issues in the future.

​