@Rahul Users in soft deleted state are disabled in the connected application. After 30 days when the user is hard deleted from Azure AD, it is deleted from connected application. This depends on the IsSoftDeleted attribute mappings, which is used to determine the state of the user and whether to send an update request with active = false to soft delete the user. To see this setting, navigate to:
Azure Portal > Azure Active Directory > Enterprise applications > your_application > Provisioning
On the provisioning blade, if you click on the Mappings drop-down and click on Synchronize Azure Active Directory Users to your_application, there must be an expression for the IsSoftDeleted attribute. For example, in the Salesforce Sandbox app, the expression looks like:
Not([IsSoftDeleted]) attribute in AAD maps to IsActive attribute in Salesforce.
This means, if the user is not in soft deleted state in AAD, it will be in active state in Salesforce. If you soft delete the user, it will not be active in Salesforce and will be marked as inactive/disabled.
You can change this setting and, instead of the IsSoftDeleted attribute, use any other attribute such as accountEnabled.
You can try setting SkipOutOfScopeDeletions to 1 (true); then accounts that go out of scope will not be disabled in the target. This flag is set at the Provisioning App level and can be configured using the Graph API. For the step-by-step instructions, please refer to https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/skip-out-of-scope-deletions
-----------------------------------------------------------------------------------------------------------
Please "Accept as answer" wherever the information provided helps you to help others in the community.
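To make the lifecycle in the answer above concrete, here is an added model (not Microsoft's provisioning code, and not from the answer's author) of which operation the provisioning cycle sends to the connected app for a given user, under the default `Not([IsSoftDeleted])` mapping versus an `[accountEnabled]` mapping, with the 30-day hard-delete window and the SkipOutOfScopeDeletions flag. The `AadUser` class, the sample users and the action strings are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional

# Constructed model of the provisioning decisions the answer describes.
# Illustrative logic only, not the Azure AD provisioning service itself.

HARD_DELETE_AFTER = timedelta(days=30)  # soft-deleted objects are purged after 30 days


@dataclass
class AadUser:
    user_principal_name: str
    account_enabled: bool               # accountEnabled in Azure AD
    is_soft_deleted: bool               # IsSoftDeleted in Azure AD
    deleted_at: Optional[datetime] = None  # when the soft delete happened
    in_scope: bool = True               # still matched by the app's scoping filters


# Mapping expressions for the target "active" attribute (IsActive in Salesforce).
MAPPINGS: Dict[str, Callable[[AadUser], bool]] = {
    "Not([IsSoftDeleted])": lambda u: not u.is_soft_deleted,
    "[accountEnabled]": lambda u: u.account_enabled,
}


def provisioning_action(user: AadUser, mapping: str, now: datetime,
                        skip_out_of_scope_deletions: bool = False) -> str:
    """Return the operation a provisioning cycle would send for this user."""
    # Hard delete in Azure AD (30 days after soft delete) -> delete in the app.
    if (user.is_soft_deleted and user.deleted_at is not None
            and now - user.deleted_at >= HARD_DELETE_AFTER):
        return "delete"
    # Accounts that fall out of scope are disabled unless the flag is set.
    if not user.in_scope and not user.is_soft_deleted:
        return "skip" if skip_out_of_scope_deletions else "update active=false"
    # Otherwise the mapping expression decides the target's active flag.
    active = MAPPINGS[mapping](user)
    return "update active=true" if active else "update active=false"


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    disabled = AadUser("disabled@contoso.example", False, False)
    # Under the default mapping a disabled AAD account stays active in the app;
    # switching the mapping to [accountEnabled] is what disables it there.
    print(provisioning_action(disabled, "Not([IsSoftDeleted])", now))
    print(provisioning_action(disabled, "[accountEnabled]", now))
```

Note that the disabled-but-not-deleted case is where the two mappings diverge, which is the reason the answer suggests switching to accountEnabled.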