Manage User Accounts
On this page
Overview
You can manage your application's user accounts with the App Services UI, App Services CLI, Admin API, or Realm SDKs.
Delete a User
You can completely remove a user from your application, including any metadata and authentication provider identities. Deleting a user also immediately ends any sessions associated with that user.
Tip
If you don't want to delete the user's account, you can disable their account to temporarily suspend their access.
Manually Delete a User
You can use the App Services UI, CLI, or Admin API to manually remove a user account.
Select App Users from the left navigation menu.
Select either Confirmed or Pending, depending on the current state of the user you wish to delete.
Under the Users tab, find a user in the list and click on the ellipsis (
...).Click Delete User and confirm your choice.
To delete a user, call appservices users delete. The CLI will prompt you
for your App ID and list users in that app for you to select.
appservices users delete
You can also specify the arguments when you call the program:
appservices users delete \ --app=<Your App ID> \ --user=<User ID>
Tip
You can delete multiple users with a single command by specifying
their id values as a comma-separated list.
appservices users delete --user=6099694d5debcbcc873ff413,60996996b78eca4a8d615d3a
To delete a user, create a DELETE request
in the following format. You must specify the Group, App, and User ID.
curl --request DELETE \ --header 'Authorization: Bearer <access_token>' \ https://services.cloud.mongodb.com/api/admin/v3.0/groups/<groupId>/apps/<appId>/users/<userId>
If you want to delete a pending email/password user, create a request in the following format:
curl --request DELETE \ --header 'Authorization: Bearer <access_token>' \ https://services.cloud.mongodb.com/api/admin/v3.0/groups/<groupId>/apps/<appId>/user_registrations/by_email/<email>
Note
App Services does not automatically delete any data in your linked
MongoDB Atlas cluster that you have associated with a deleted user. For example,
if your application allows users to create data that linked to a user by
including their ID in an owner_id field, deleting the user object does
not delete the user-created linked data. To remove all traces of a deleted
user, you must manually delete or modify any such documents.
Delete a User in the SDK
You can give users the option to delete their own account from a client application when you use the Realm SDKs to delete users.
Delete a User with a Custom Function
You can write a custom function to delete a user. You might want to do this if your SDK does not yet support the delete users API.
Create a function similar to our example below that uses Application Authentication. You might want to incorporate error handling in the event that the function does not successfully authenticate, or it cannot delete the calling user.
For this example function, we have created values and secrets for the
adminApiPublicKey and adminApiPrivateKey.
We would then add the Project and Application IDs to the apiUrl.
We can then call this function from the SDK. The example function below does not take any arguments, and deletes the user who calls the function.
Tip
If your app uses Email/Password Authentication, consider that you may want to delete pending users, which involves a second endpoint:
const apiUrl = "https://services.cloud.mongodb.com/api/admin/v3.0/groups/{insert-your-project-id}/apps/{insert-your-app-id}"; exports = async function(){ // This function deletes the user who calls it. It gets this user's ID // from the user in the function context. This is safer than accepting // a passed-in user ID, as the user can never delete any other user's account. const callersUserId = context.user.id async function adminLogIn() { const username = context.values.get("adminApiPublicKey"); const apiKey = context.values.get("adminApiPrivateKey"); const response = await context.http.post({ url: "https://services.cloud.mongodb.com/api/admin/v3.0/auth/providers/mongodb-cloud/login", body: {username, apiKey}, encodeBodyAsJSON: true, }); const body = EJSON.parse(response.body.text()); return body.access_token; } const token = await adminLogIn(); async function deleteUser(_id) { await context.http.delete({ url: `${apiUrl}/users/${_id}`, headers: {"Authorization": [`Bearer ${token}`]} }); return _id; } return deleteUser(callersUserId); };
Disable a User
You can temporarily disable a user, which prevents the user from logging in and invalidates any of the user's existing access and refresh tokens. You can enable a disabled user to let them log in again.
Select App Users from the left navigation menu.
Select either Confirmed or Pending, depending on the current state of the user you wish to disable.
Under the Users tab, find a user in the list and click on the ellipsis (
...).Click Disable User and confirm your choice.
To disable a user, call appservices users disable. The CLI will prompt you
for your App ID and list users in that app for you to select.
appservices users disable
You can also specify the arguments when you call the program:
appservices users disable \ --app=<Your App ID> \ --user=<User ID>
Tip
You can disable multiple users with a single command by specifying
their id values as a comma-separated list.
appservices users disable --user=6099694d5debcbcc873ff413,60996996b78eca4a8d615d3a
To disable a user, create a PUT request
in the following format. You must specify the Group, App, and User ID.
curl --request PUT \ --header 'Authorization: Bearer <access_token>' \ https://services.cloud.mongodb.com/api/admin/v3.0/groups/<groupId>/apps/<appId>/users/<userId>/disable
Enable a User
You can enable a disabled user to let them log in again.
Select App Users from the left navigation menu.
Select either Confirmed or Pending, depending on the current state of the user you wish to enable.
Under the Users tab, find a user in the list and click on the ellipsis (
...).Click Enable User and confirm your choice.
To enable a user, call appservices users enable. The CLI will prompt you
for your App ID and list users in that app for you to select.
appservices users enable
You can also specify the arguments when you call the program:
appservices users enable \ --app=<Your App ID> \ --user=<User ID>
Tip
You can enable multiple users with a single command by specifying
their id values as a comma-separated list.
appservices users enable --user=6099694d5debcbcc873ff413,60996996b78eca4a8d615d3a
To enable a user, create a PUT request
in the following format. You must specify the Group, App, and User ID.
curl --request PUT \ --header 'Authorization: Bearer <access_token>' \ https://services.cloud.mongodb.com/api/admin/v3.0/groups/<groupId>/apps/<appId>/users/<userId>/enable