keycloak-scim/server_admin/topics/users/allow-user-to-delete-account.adoc

50 lines
1.9 KiB
Text
Raw Normal View History

=== Enabling account deletion by users
{project_name} can allow applications end users to delete their account through the Account Console. The functionality is not enabled by default. To enable it, the following steps needs be taken:
* Enabling the "Delete Account" Required Action
Allowing the user to delete their account is done through an AIA (Application Initiated Action). You need first of all to enable the action from the admin console. In the Authentication menu, go to the Required Actions tab and tick the enabled checkbox for the "Delete Account" action.
image:{project_images}/enable-delete-account-action.png[]
* Making sure the user has the "delete-account" as a client role:
The delete account functionality is enabled on a per user basis. The second requirement to enable the delete account functionality is to make sure the user has the `delete-account` as a client role.
To enable the delete account role for a user, go to the Users menu, and find the user for which the delete account functionality is to be enabled. In the "Role Mappings" Tab, select the "account" client from "Clients Role" list.
Finally, select `delete-account` and click on add selected.
image:{project_images}/delete-account-client-role.png[]
=== Deleting a user in action
Once the functionlity is enabled, the user will see a new section named "Delete Account" appear in the bottom of the "Personal Info" page
image:{project_images}/delete-account-landing-screen.png[]
image:{project_images}/delete-account-page.png[]
As stated by the warning message, this action is irreversible, and it implies the deletion of all the user's data in Keycloak.
Once the user clicks on Delete, he will be prompted to enter his credentials again and redirected to the final confirmation step:
image:{project_images}/delete-account-confirm.png[]
After confirming, the user's account will be deleted.