Overview
This article explains why, after removing users from Active Directory (AD), their profiles are still present in Auth0.
Applies To
- Active Directory (AD) Integrations
- Deleted Users
Cause
This is expected behavior. Deleting a user from an external identity provider will not cause the profile to be removed from Auth0.
Solution
To remove the user from Auth0, manually delete them or implement custom automation to remove the profile from both AD and Auth0.
- If the user is not deleted from Auth0 after being removed from AD:
  - The user will no longer be able to authenticate via AD, as their AD profile has been deleted.
  - If the deleted user has an existing session, they can use it until it expires, at which point they cannot re-authenticate via AD.
  - There is also the risk of the AD/LDAP connector being offline and Auth0 falling back to its cache. In this case, if credentials from a login performed before the deletion are cached, the user will be able to log in.
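
One way to build the custom automation mentioned under Solution, as an added example that is not Auth0's own code: it compares Auth0 profiles from an AD connection against an export of accounts still present in AD, then deletes the stale profiles through the Management API `DELETE /api/v2/users/{id}` endpoint. The connection name `corp-ad`, matching on `email`, the `ad` provider value and all sample users are assumptions constructed for illustration.

```python
import urllib.parse
import urllib.request

AD_PROVIDER = "ad"  # assumption: provider value on AD/LDAP identities

# Constructed sample data, shaped like GET /api/v2/users results.
SAMPLE_USERS = [
    {"user_id": "ad|corp-ad|1001", "email": "alice@example.com",
     "identities": [{"provider": "ad", "connection": "corp-ad"}]},
    {"user_id": "ad|corp-ad|1002", "email": "bob@example.com",
     "identities": [{"provider": "ad", "connection": "corp-ad"}]},
    {"user_id": "ad|corp-ad|1003", "email": "carol@example.com",
     "identities": [{"provider": "ad", "connection": "corp-ad"},
                    {"provider": "google-oauth2", "connection": "google-oauth2"}]},
    {"user_id": "auth0|2001", "email": "dave@example.com",
     "identities": [{"provider": "auth0", "connection": "Username-Password-Authentication"}]},
]

def find_orphans(auth0_users, ad_values, connection, key="email"):
    """Split stale AD-backed profiles into (to_delete, to_review)."""
    live = {v.lower() for v in ad_values}
    to_delete, to_review = [], []
    for user in auth0_users:
        idents = user.get("identities", [])
        if not any(i.get("provider") == AD_PROVIDER and
                   i.get("connection") == connection for i in idents):
            continue  # profile does not come from this AD connection
        value = (user.get(key) or "").lower()
        if value in live:
            continue  # account still exists in AD
        # No match key, or linked to other identities: a human decides.
        if not value or len(idents) > 1:
            to_review.append(user["user_id"])
        else:
            to_delete.append(user["user_id"])
    return to_delete, to_review

def delete_url(domain, user_id):
    # user_id contains "|", which must be percent-encoded in the path.
    return f"https://{domain}/api/v2/users/{urllib.parse.quote(user_id, safe='')}"

def delete_user(domain, token, user_id):
    """DELETE /api/v2/users/{id}; token needs the delete:users scope."""
    req = urllib.request.Request(delete_url(domain, user_id), method="DELETE",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return resp.status  # 204 when the profile was removed
```

Running the reconciliation on a schedule shortens the window in which a cached credential or a leftover profile remains usable after the AD account is gone.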