Remove Users from Identity Domains

Removes user accounts from identity domains by deleting users listed in either a CSV file upload (v1) or a request payload (v2). These APIs delete only the accounts identified in the input and do not remove the account of the user executing the command. Because user accounts are shared across all service environments that use the same identity domain, deleting an account from one environment deletes it from all environments that share that identity domain.

Both APIs can report which records failed and why, along with counts of passed and failed records. These APIs should be run only by an Identity Domain Administrator. In v1, the user must also be a Service Administrator. In v2, the user must also have an application role in the target environment.

The v1 API requires an ANSI or UTF-8 encoded CSV file that must first be uploaded to the environment. It is asynchronous and returns a Job ID, which can be checked to determine whether the removal is still in progress or complete.

The v2 API accepts the list of users directly in the request payload. This topic describes the simplified v2 version of the REST API. This version contains all parameters in the payload and does not require URL encoding while calling the REST APIs, which makes the v2 API easier to use. It is synchronous and returns the outcome of the operation in the response.

Any non-zero status indicates failure of removing users, and a status of -1 in v1 indicates that removal is still in progress.

Required Roles

Identity Domain Administrator and any application role (Service Administrator, Power User, User, or Viewer)