Product Documentation

Deleting a User - deleteRequest

Feb 06, 2011

Use the deleteRequest operation to remove all data associated with a user from the central store.


<deleteRequest requestID="RA-generated-ID" executionMode="synchronous"> 
   <psoId ID='userFQDN'/> 


requestID (mandatory) This is the client-generated ID that associates the return values with this request.
executionMode Single Sign-on supports synchronous execution mode.
authentication-token The authentication-token element is mandatory, but is not used at this time.
psoID (mandatory) The psoID is a unique identifier for each end user; PSOID is the credential's GUID returned by the lookupResponse.

Syntax for Return Values (deleteResponse)

<deleteResponse status="success" requestID="RA-generated-ID"> 

Parameters for Return Values

status (mandatory) Possible values: Success, Failure, Pending
requestID (mandatory) This is the client-generated ID that associates these return values with the associated request.


You may choose to completely remove data associated with specific users when they leave the enterprise. Also, if users forget critical information and are unable to access their credentials, you may choose to reset their Single Sign-on state so they can start over (see resetRequest).

These two scenarios, complete removal of data and data reset, need to be differentiated because the Single Sign-on Plug-in behaves differently in each case. Depending on administrator settings, there may be a local copy of the user's Single Sign-on data in the user's profile. If there is no data for the user in the central store, the plug-in runs a registration wizard and copies the user's local data to the central store.

In the reset user scenario, the plug-in software discards the local data then runs the registration wizard.