
Staying in Sync with External Identity Provider

Good afternoon,
I have an enterprise connection set up for Azure AD. Auth0 documentation says that any time a user logs in to Azure AD it will update the profile with any updates that were made in Azure. This is great, but I am curious to know how this works if the user is deactivated. If they are deactivated, I know they won't be able to log in anymore, but will this be reflected in their profile? That way, if we were to query active users in Auth0, it will be in sync with any changes made in the enterprise AD.

Hopefully my question makes sense.

At this time synchronisation only happens at login time, so deprovisioning a user on the Azure AD side will not have any immediate effect on the user profile data, because the operation is done solely on Azure AD. In addition, since that action will prevent further logins from that user, there will be no further synchronisations unless you set up your own process.

Thank you for your response.

As far as setting up my own process, is there any way to route that through Auth0? For example, would I be able to somehow use the Auth0 user ID to have Auth0 ping Azure AD to see if that user is active? The value in this is that going forward I plan to have multiple different clients that have various enterprise systems, so I would like to avoid creating separate processes for each provider.

I don't believe that you'll be able to have that going through (starting at) Auth0; in Management API v1 (https://auth0.com/docs/api/management/v1) there's an endpoint that could technically allow you to perform a search directly against Azure AD, which could be relevant to this scenario. However, that version of Management API is deprecated and to my knowledge there's no counterpart to that endpoint in v2.
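Since the thread concludes that the check cannot start from Auth0, the "own process" mentioned above has to live outside it. The following is an added example of what such a reconciliation job looks like; it is not code from Auth0 or from anyone in this thread. It assumes two things that are not stated on the page: that Azure AD state is read through Microsoft Graph (GET /v1.0/users/{userPrincipalName}?$select=accountEnabled, using an app registration holding the User.Read.All application permission), and that Auth0 state is written with Management API v2 (PATCH /api/v2/users/{id} with {"blocked": true|false}, using a token carrying the update:users scope). Both HTTP calls are passed in as callables, and the user records, user IDs and directory state below are constructed for the example, so it runs offline. The lookup-by-email matching and the "waad|..." user IDs are illustrative only.

```python
# Added example: reconcile the Auth0 "blocked" flag with Azure AD's accountEnabled.
# Not Auth0's code and not from the forum thread; see the lead-in for assumptions.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Auth0User:
    user_id: str      # Auth0 user_id (the "waad|..." values below are illustrative)
    email: str        # assumed to equal the Azure AD userPrincipalName for this example
    connection: str   # name of the Auth0 connection the identity came from
    blocked: bool     # current value of the Auth0 "blocked" flag


# Returns accountEnabled for a UPN, or None when Graph answers 404 (user deleted).
AzureLookup = Callable[[str], Optional[bool]]
# Sends PATCH /api/v2/users/{user_id} with {"blocked": blocked}.
Auth0Patch = Callable[[str, bool], None]


def reconcile(users: List[Auth0User], azure_lookup: AzureLookup,
              auth0_patch: Auth0Patch, connection: str = "azure-ad") -> List[Tuple[str, str]]:
    """Bring each Azure AD-backed Auth0 user's 'blocked' flag in line with Azure AD.

    Returns the (user_id, action) pairs that were applied, action being "block"
    or "unblock". Users from any other connection are left untouched.
    """
    actions: List[Tuple[str, str]] = []
    for user in users:
        if user.connection != connection:
            continue  # e.g. database or social users are not governed by Azure AD
        enabled = azure_lookup(user.email)
        # Fail closed: a user that no longer exists in Azure AD is treated as disabled.
        should_block = True if enabled is None else not enabled
        if should_block != user.blocked:
            auth0_patch(user.user_id, should_block)
            actions.append((user.user_id, "block" if should_block else "unblock"))
    return actions


# --- Constructed sample data (no real tenants, users or IDs) ---------------------
SAMPLE_USERS = [
    Auth0User("waad|alice", "alice@example.com", "azure-ad", blocked=False),  # still active
    Auth0User("waad|bob", "bob@example.com", "azure-ad", blocked=False),      # disabled upstream
    Auth0User("waad|carol", "carol@example.com", "azure-ad", blocked=True),   # re-enabled upstream
    Auth0User("waad|dave", "dave@example.com", "azure-ad", blocked=False),    # deleted upstream
    Auth0User("auth0|erin", "erin@example.com", "Username-Password-Authentication", blocked=False),
]

# What Graph would answer per UPN; a missing key stands in for a 404 response.
SAMPLE_AZURE_STATE: Dict[str, bool] = {
    "alice@example.com": True,
    "bob@example.com": False,
    "carol@example.com": True,
}


def run_example() -> Tuple[List[Tuple[str, str]], Dict[str, bool]]:
    """Run reconcile() on the constructed data; returns (actions, PATCH bodies sent)."""
    sent: Dict[str, bool] = {}

    def fake_azure_lookup(upn: str) -> Optional[bool]:
        return SAMPLE_AZURE_STATE.get(upn)  # None models a 404 from Graph

    def fake_auth0_patch(user_id: str, blocked: bool) -> None:
        sent[user_id] = blocked  # records the {"blocked": ...} body we would send

    actions = reconcile(SAMPLE_USERS, fake_azure_lookup, fake_auth0_patch)
    return actions, sent


if __name__ == "__main__":
    for user_id, action in run_example()[0]:
        print(f"{action:8s} {user_id}")
```

Two design points worth deciding deliberately before running something like this on a schedule. First, the job fails closed: an identity that Graph no longer returns is blocked rather than ignored, which is the behaviour you want for deprovisioning. Second, it also unblocks users whose directory account has been re-enabled; if administrators also set the Auth0 `blocked` flag by hand for unrelated reasons, restrict the job to blocking only, or it will silently undo those decisions. Keeping the provider-specific part confined to the lookup callable is what lets the same loop serve other enterprise connections later, which was the asker's concern about not maintaining one process per provider.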