I am working on a project that provisions users into Azure B2C via Azure Graph API call and we got a requirement to disable the users if they are terminated from company. The Termination Date can be anything (Past/Present/Future). If I know the termination date, Can I disable that particular user from B2C instance using the termination date?
Asked
Active
Viewed 496 times
2 Answers
0
I'm not clear what you mean by "disable":
You can DELETE a B2C principal at any time.
You can also delete a B2C principal at a pre-determined time. For example, by running a script that invokes an Azure Graph API call.
Alternatively, you can retain the principal, but block signin. There are several ways to do this. For example:
MSDN: Disable user sign-ins for an enterprise app in Azure Active Directory
Powershell script:
# The AppId of the app to be disabled $appId = "{AppId}" # Check if a service principal already exists for the app $servicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$appId'" if ($servicePrincipal) { # Service principal exists already, disable it Set-AzureADServicePrincipal -ObjectId $servicePrincipal.ObjectId -AccountEnabled $false } else { # Service principal does not yet exist, create it and disable it at the same time $servicePrincipal = New-AzureADServicePrincipal -AppId $appId -AccountEnabled $false }
paulsm4
- 114,292
- 17
- 138
- 190
0
Just to expand @paulms4 answer:
You can disable the user by setting:
"accountEnabled": false,
rbrayb
- 46,440
- 34
- 114
- 174