Best practice for reserving username after account deletion?

We use Auth0 as our source of truth for user accounts.

When a user asks to delete their account, we want to remove PII but keep the username on file (to prevent people assuming accounts). What’s the best way to accomplish this, given that we need to have unique email addresses for each account?

Thanks for any suggestions!

Would an administrative block work? I think so.

You can patch the user via the MGMT API to achieve this.


Hi John! By “administrative block” do you mean the same action that “Block” enables in the UI?

If so, that doesn’t work, as it doesn’t let you remove the PII (the user email address) – at least it doesn’t in the GUI. It’s still required.

Thank you!