Delete user via API


#1

I’m in the process of writing some code to, via the DUO API, delete users that have left my university and no longer qualify for our license. In looking over the API, it seems that the logic will be something like this:
For every user_id to be deleted
    For every phone assigned to the user
        call /admin/v1/phones to find out if there are multiple users for the phone
        if user_id is the only user of the phone
            delete phone
        else
            call /admin/v1/users/[user_id]/phones/[phone_id] to disassociate the phone from the user
    *** repeat above For loop for any hardware tokens
    Delete user

I was hoping that the delete user API would take care of all of this like the management console does, and also put the user into the trash bin, but alas it doesn’t. Everything needs to be done in separate tasks.

Am I on the right track?


#2

Hi Todd,

My name is Andrew and I am a Customer Solutions Engineer with Duo. I often work with universities that are tackling similar account cleanup tasks and you nailed the approach most universities take.

The process you’ve outlined is a solid approach to removing the users and their phones. From my experience you should be able to remove the user even if they have phones associated with their account. This would let you remove the users that no longer are with your university and then have a separate clean-up function/script that polls for the list of phones. This would do a quick check to see if the ‘user’ array is empty, and if so it can delete the phone. Either way accomplishes the same result, so I would recommend going with the order that makes the most sense to you.

I also highly recommend using our Duo Client Library for making the appropriate calls. It really does simplify making the API calls and results in much cleaner scripts overall.

- Andrew
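The two cleanup orders discussed in posts #1 and #2, as an added example that is not part of the original thread and not Duo's own code. `FakeAdmin` is a constructed in-memory stand-in with sample IDs; its method names (`get_phones`, `get_hardtokens`, `delete_phone`, `delete_hardtoken`, `delete_user_phone`, `delete_user_token`, `delete_user`) are assumed to match `duo_client.Admin`, so check them against the client library before pointing the functions at a real account.

```python
class FakeAdmin:
    """Constructed in-memory stand-in for the Admin API; method names are assumed
    to match duo_client.Admin. Phones/tokens map device id -> set of user ids."""
    def __init__(self, users, phones, tokens):
        self.users = set(users)
        self.phones = {k: set(v) for k, v in phones.items()}
        self.tokens = {k: set(v) for k, v in tokens.items()}
    def _rows(self, table, key):
        return [{key: i, "users": [{"user_id": u} for u in sorted(us)]}
                for i, us in table.items()]
    def get_phones(self): return self._rows(self.phones, "phone_id")
    def get_hardtokens(self): return self._rows(self.tokens, "token_id")
    def delete_phone(self, phone_id): del self.phones[phone_id]
    def delete_hardtoken(self, token_id): del self.tokens[token_id]
    def delete_user_phone(self, user_id, phone_id): self.phones[phone_id].discard(user_id)
    def delete_user_token(self, user_id, token_id): self.tokens[token_id].discard(user_id)
    def delete_user(self, user_id):
        # Assumption: deleting a user leaves their devices behind with the user detached.
        self.users.discard(user_id)
        for owners in [*self.phones.values(), *self.tokens.values()]:
            owners.discard(user_id)

def remove_users(admin, leavers):
    """Order from post #1: delete a device only if no remaining user has it,
    otherwise detach the leaver; repeat for hardware tokens; then delete users."""
    leavers = set(leavers)
    for listing, key, delete_dev, detach in (
        (admin.get_phones, "phone_id", admin.delete_phone, admin.delete_user_phone),
        (admin.get_hardtokens, "token_id", admin.delete_hardtoken, admin.delete_user_token),
    ):
        for dev in listing():
            owners = {u["user_id"] for u in dev["users"]}
            if not owners & leavers:
                continue                      # device not touched by this cleanup
            if owners <= leavers:
                delete_dev(dev[key])          # nobody who stays uses it
            else:
                for uid in sorted(owners & leavers):
                    detach(uid, dev[key])     # shared device: keep it for the others
    for uid in sorted(leavers):
        admin.delete_user(uid)

def sweep_orphan_phones(admin):
    """Order from post #2: run after users are deleted; remove phones with no users."""
    orphans = [p["phone_id"] for p in admin.get_phones() if not p["users"]]
    for phone_id in orphans:
        admin.delete_phone(phone_id)
    return orphans

if __name__ == "__main__":
    demo = FakeAdmin({"U1", "U2"}, {"P1": {"U1"}, "P2": {"U1", "U2"}}, {"T1": {"U1"}})
    remove_users(demo, ["U1"])
    print(demo.users, demo.phones, demo.tokens)
```

The sweep cannot tell a phone orphaned by this cleanup from one that had no user to begin with, so it removes both. It also covers phones only; hardware tokens left without users would need the same pass.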

#3

Excellent - Thanks Andrew. I appreciate the feedback and link!

Todd