Can user disablement in Microsoft Entra ID (AAD) be synced to IDaaS?
Yes. The disabled status of a user in Microsoft Entra ID can be synced to Alibaba Cloud IDaaS. The process is as follows:
When a user is disabled, Microsoft Entra ID sends the active: false property through the System for Cross-domain Identity Management (SCIM) protocol.
After IDaaS receives this property, it marks the user's status as Disabled.
When the user is re-enabled in Microsoft Entra ID, the account status in IDaaS is restored to Normal.
How do I re-enable a disabled user in Microsoft Entra ID (AAD)?
Log on to the Azure portal. In the top search bar, search for Users. Click .
In All Users, find the disabled user. Click the username to open the details page. Then, under , click Edit.
Select the Account Enabled checkbox. Click Save to reactivate the account.
Does syncing from Microsoft Entra ID (AAD) to IDaaS support user deletion?
Deleting a user in Microsoft Entra ID:
The user is moved to the Deleted Users list. During the next synchronization cycle, Microsoft Entra ID sends a disable instruction to IDaaS. IDaaS then disables the user.
If the user is permanently deleted from the Deleted Users list, Microsoft Entra ID sends a delete instruction to IDaaS during the next sync. IDaaS then deletes the user.
Removing a user assignment from an enterprise application in Microsoft Entra ID:
Microsoft Entra ID sends a disable instruction to IDaaS. IDaaS then disables the corresponding user based on the configuration.
Important
Before you perform a large-scale user deletion, test the synchronization behavior in a staging environment. This ensures that the behavior meets your security and compliance requirements.
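The status transitions described in the answers above, sketched as a small SCIM receiver model that can serve as a reference when checking staging results. This is an added example, not Alibaba Cloud IDaaS code: the request bodies are constructed samples shaped after RFC 7644, and the function names, the user ID u1, and the acceptance of string values for active are assumptions.

```python
import json

# Constructed sample requests shaped like SCIM 2.0 (RFC 7644) calls; not captured traffic.
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SAMPLE_REQUESTS = [
    # Disabled, soft-deleted, or unassigned: active set to false (string form, assumed)
    ("PATCH", "u1", json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Replace", "path": "active", "value": "False"}]})),
    # Re-enabled: path-less replace carrying a JSON boolean
    ("PATCH", "u1", json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "replace", "value": {"active": True}}]})),
    # Permanently deleted from the Deleted Users list
    ("DELETE", "u1", ""),
]

def to_bool(value):
    """Accept JSON booleans and the string forms "True"/"False" (assumption)."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"unsupported active value: {value!r}")

def active_from_patch(body):
    """Return the new 'active' value carried by a PatchOp body, or None."""
    result = None
    for op in json.loads(body).get("Operations", []):
        if op.get("op", "").lower() not in ("add", "replace"):
            continue
        path, value = op.get("path"), op.get("value")
        if path is not None and path.lower() == "active":
            result = to_bool(value)
        elif path is None and isinstance(value, dict) and "active" in value:
            result = to_bool(value["active"])
    return result

def apply_request(directory, method, user_id, body=""):
    """Apply one request to a dict of user_id -> status; return the new status."""
    if method == "DELETE":
        directory.pop(user_id, None)
        return "Deleted"
    active = active_from_patch(body)
    if active is not None:
        directory[user_id] = "Normal" if active else "Disabled"
    return directory.get(user_id)

def replay(requests):
    directory = {"u1": "Normal"}  # hypothetical starting state
    return [apply_request(directory, *r) for r in requests], directory
```

Comparing the output of replay against the statuses shown in the IDaaS console after each staging action shows whether a disable or delete instruction was actually applied.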