Implement SCIM for user (de)provisioning #13
Description
On user deletion, or group leave, device passwords are not deleted and - depending on application integration - could possibly used. With SCIM ("System for Cross-domain Identity Management": RFC 7644) users can be (de)provisioned by the IdP.
This is not required, if the application integration separates between authentication and authorization (e.g. with Dovecot using LDAP as userdb and devicepasswords as passdb).
Suggestion by @v-gar