Google IDP sync deleted and readded all users during the night #2027

Open
opened 2025-11-20 06:11:29 -05:00 by saavagebueno · 2 comments
Owner

Originally created by @karlveezoo on GitHub (Jun 30, 2025).

Describe the problem

We use Netbird Cloud with Google IDP sync. Over the weekend/night it looks like all users were deleted and then readded. The Activity tab shows SYSTEM deleted all users.

To Reproduce

Not sure, but might be that IDP sync had issues connecting to Google? or Google returning 0 users for some reason.

Expected behavior

It would be nice if there was an option to only delete a user after checking IDP source a couple of extra times, or if the IDP returns 0 users or an error it would do another check before really deleting anything.

Are you using NetBird Cloud?

Netbird Cloud

NetBird version

Management Console

Is any other VPN software installed?

N/A

Debug output

N/A

Screenshots

Additional context

Have you tried these troubleshooting steps?

  • Reviewed client troubleshooting (if applicable)
  • Checked for newer NetBird versions
  • Searched for similar issues on GitHub (including closed ones)
  • Restarted the NetBird client
  • Disabled other VPN software
  • Checked firewall settings
Originally created by @karlveezoo on GitHub (Jun 30, 2025). **Describe the problem** We use Netbird Cloud with Google IDP sync. Over the weekend/night it looks like all users were deleted and then readded. The Activity tab shows SYSTEM deleted all users. **To Reproduce** Not sure, but might be that IDP sync had issues connecting to Google? or Google returning 0 users for some reason. **Expected behavior** It would be nice if there was an option to only delete a user after checking IDP source a couple of extra times, or if the IDP returns 0 users or an error it would do another check before really deleting anything. **Are you using NetBird Cloud?** Netbird Cloud **NetBird version** Management Console **Is any other VPN software installed?** N/A **Debug output** N/A **Screenshots** **Additional context** **Have you tried these troubleshooting steps?** - [X] Reviewed [client troubleshooting](https://docs.netbird.io/how-to/troubleshooting-client) (if applicable) - [X] Checked for newer NetBird versions - [X] Searched for similar issues on GitHub (including closed ones) - [X] Restarted the NetBird client - [X] Disabled other VPN software - [X] Checked firewall settings
saavagebueno added the bugidpcloud labels 2025-11-20 06:11:29 -05:00
Author
Owner

@bcmmbaga commented on GitHub (Jun 30, 2025):

Hello @karlveezoo to help us investigate, please open a ticket with NetBird's team via support@netbird.io with your account details (email or domain). This will allow us to review what caused the issue.

This behavior is not caused by a failed Google API call, when the API fails the sync doesn’t proceed and no users are removed. It's more likely due to configuration issues or other sync-related conditions. We’ll confirm once we review the account.

@bcmmbaga commented on GitHub (Jun 30, 2025): Hello @karlveezoo to help us investigate, please open a ticket with NetBird's team via support@netbird.io with your account details (email or domain). This will allow us to review what caused the issue. This behavior is not caused by a failed Google API call, when the API fails the sync doesn’t proceed and no users are removed. It's more likely due to configuration issues or other sync-related conditions. We’ll confirm once we review the account.
Author
Owner

@nazarewk commented on GitHub (Jul 1, 2025):

To keep others updated:

  • due to unknown reasons Google did send us an empty list of groups with no indication of any kind of error
    • our system handled this "correctly" by clearing out user accounts, because nobody had access to NetBird anymore,
  • few minutes later we have received a correct list again and repopulated the user accounts,
  • we will be improving thes sync to ignore occasional empty responses to prevent cases like these in the future,
@nazarewk commented on GitHub (Jul 1, 2025): To keep others updated: - due to unknown reasons Google did send us an empty list of groups with no indication of any kind of error - our system handled this "correctly" by clearing out user accounts, because nobody had access to NetBird anymore, - few minutes later we have received a correct list again and repopulated the user accounts, - we will be improving thes sync to ignore occasional empty responses to prevent cases like these in the future,
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#2027