
User deletion in Identity provider ack to Auth0


#1

Does Auth0 know if a user is deleted from the identity provider, let's say any enterprise connection like SAML or LDAP?

If not, can we achieve this in any way, like setting up some webhook from the enterprise server to Auth0?

It would be great if someone could share some documentation with an example.


#2

If you have access to the IdP and you can capture events from that IdP (such as deletion) and push them into Auth0, that is generally preferred. The reason for this is that it is a write-rarely, read-often type of scenario. You can create a rule that queries your IdP to find out if the user still exists, but that is a lot more expensive an operation because you have to do it on every login.

I don't have any specific examples for you, but the way you would generally do this is to create some sort of protected webhook or other mechanism that is triggered on a change to the IdP. This webhook then uses the client credentials grant to get an access token for the Management API. Once you have that token, you can call the Management API to delete the user.

Be careful with your webhook: you will need to make sure that the data pushed to that webhook can be validated as coming from the IdP. You could use IP whitelisting, or preferably the IdP has a way to pass you a token that can be validated. Since you will be taking action against your user database based on this information, you want to make sure you protect that endpoint.
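Putting the flow from the reply above together, as an added example that is not from this thread or from Auth0 itself: a Python handler that validates a signed deletion event from the IdP, obtains a Management API token with the client credentials grant, and then calls `DELETE /api/v2/users/{id}`. The HMAC-SHA256 header scheme, the `user.deleted` event shape and the tenant values are assumptions; the `transport` parameter is injectable so the logic can be exercised without a network.

```python
import hashlib
import hmac
import json
import urllib.parse
import urllib.request

AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"  # placeholders, not from the thread
CLIENT_ID = "YOUR_M2M_CLIENT_ID"
CLIENT_SECRET = "YOUR_M2M_CLIENT_SECRET"
WEBHOOK_SECRET = b"shared-secret-configured-on-the-idp"  # constructed

def http_json(method, url, body=None, headers=None):
    """Default transport: send JSON, return the parsed reply (None if empty)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def sign_body(raw_body: bytes, secret: bytes) -> str:
    """Assumed IdP scheme: hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

def verify_signature(raw_body: bytes, signature_hex: str, secret: bytes) -> bool:
    return hmac.compare_digest(sign_body(raw_body, secret).encode(), signature_hex.encode())

def get_management_token(transport=http_json) -> str:
    """Client credentials grant; the M2M application needs the delete:users scope."""
    resp = transport("POST", f"https://{AUTH0_DOMAIN}/oauth/token", {
        "grant_type": "client_credentials", "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET, "audience": f"https://{AUTH0_DOMAIN}/api/v2/",
    }, {"Content-Type": "application/json"})
    return resp["access_token"]

def delete_auth0_user(user_id: str, token: str, transport=http_json) -> None:
    url = f"https://{AUTH0_DOMAIN}/api/v2/users/{urllib.parse.quote(user_id, safe='')}"
    transport("DELETE", url, None, {"Authorization": f"Bearer {token}"})

def handle_webhook(raw_body: bytes, signature_hex: str, transport=http_json) -> str:
    """Reject anything that fails validation before touching the user database."""
    if not verify_signature(raw_body, signature_hex, WEBHOOK_SECRET):
        raise PermissionError("signature mismatch: event ignored")
    event = json.loads(raw_body)
    if event.get("type") != "user.deleted":
        raise ValueError("unexpected event type")
    user_id = event["auth0_user_id"]  # constructed event shape
    token = get_management_token(transport)
    delete_auth0_user(user_id, token, transport)
    return user_id
```

Pair the HMAC check with IP allow-listing or a validated IdP token as the reply suggests, and give the M2M application only the `delete:users` scope.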