How to delete a user with Entra ID SCIM

Alistair Young 31 Reputation points
2024-08-29T06:50:45.61+00:00

Is it possible to delete a user with Entra ID? The provisioning is set up for Delete but there doesn't appear to be any documentation on how to do it. e.g. this doesn't do anything. It's not even logged in the provisioning logs:

{

"schemas": ["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],

"Operations": [

{

"method": "DELETE",

"path": "/Users/hmcduser"

}

],

"failOnErrors": null

}

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,417 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Danny Zollner 10,056 Reputation points Microsoft Employee
    2024-09-03T18:54:40.5966667+00:00

    The only HTTP method supported is POST. This is not a SCIM (bulk) endpoint, although it is modeled after SCIM in many ways. The feature you are referring to is the "Inbound Provisioning API". Some documentation links are below.

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-concepts

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-configure-app

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-faqs

    https://learn.microsoft.com/en-us/graph/api/resources/synchronization-bulkupload?view=graph-rest-beta

    The last link in that set is the technical API documentation. Only POST is supported, and it does not behave as a SCIM POST does, but more along the lines of a flat file/CSV upload into a queue to be processed by the provisioning service. You can configure the inbound API provisioning job to disable a user but it cannot delete them.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.