Configuring the handling of SCIM delete requests - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

You can use the Delete/Disable Users tab to define how System for Cross-domain Identity Management (SCIM) delete requests are handled within your user datastore.

Important:

If the group support option is enabled, when PingFederate receives a SCIM delete request for a group, it always removes the specified group from the datastore.

Screen capture of the Delete or Disable Users tab.
Note:

This tab appears only if you are configuring an LDAP user store for provisioning.

Click one of the two available options for SCIM DELETE message behavior.
  • Click Disable User to make the user inactive within the datastore. This approach is preferred in situations where accounts must be retained for auditing reasons.
    To be SCIM compliant when deleting users, PingFederate returns an HTTP 404 response code for all subsequent operations related to the user-effectively treating the user as if they have been deleted from the LDAP user store. For more information, see SCIM specifications.
    CAUTION:

    If the user is disabled through another method, PingFederate still treats that user as if they have been deleted and returns HTTP 404 response codes for all subsequent requests.

  • Click Permanently Delete User to remove the user from the datastore.