Share via

Workday/Entra ID - Soft delete users without the "Delete" action selected?

JennyDunham-7796 20 Reputation points
2024-04-30T22:27:02.8766667+00:00

We currently have Workday to Entra ID user provisioning enabled with the "Create" and "Update" actions allowed and "Delete" is not enabled. I'm wondering if anyone is able to clarify whether the integration is able to soft delete an account with this configuration and eventually hard delete after 30 days. There's been an ask by the HR team to disable accounts while employees are on leave, but with the integration I'm unsure if the accounts will be deleted if the employee is on leave for over 30 days. Microsoft's documentation only states that the "Create" and "Update" options are the most common actions and doesn't mention anything about "Delete" that I've been able to track down.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,793 questions
Accepted answer
  1. Navya 4,470 Reputation points Microsoft Vendor
    2024-05-02T11:57:09.92+00:00

    Hi @JennyDunham-7796

    Thank you for posting this in Microsoft Q&A.

    The exact definition of disable and delete varies based on the target app's implementation, but generally a disable indicates that the user can't sign in. A delete indicates that the user has been removed completely from the application.

    whether the integration is able to soft delete an account with this configuration and eventually hard delete after 30 days.

    With the current configuration, the integration will not be able to soft delete an account. Soft delete is a feature that allows you to recover deleted objects within a certain time frame, typically 30 days. If the "Delete" action is not enabled in the user provisioning configuration, the integration will not be able to delete user accounts, either permanently or temporarily.

    If you want to disable accounts while employees are on leave, you can use the "Update" action to change the user's account status to "disabled" or "inactive". This will prevent the user from logging in to their account, but their account will still exist in Entra ID. When the employee returns from leave, you can use the "Update" action again to change the user's account status back to "active".

    For more information referring this documentation: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/how-provisioning-works#deprovisioning

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest