Manage User Accounts

On this page

Overview

Delete a User
Manually Delete a User
Delete a User in the SDK
Delete a User with a Custom Function
Disable a User
Enable a User

Realm is now Atlas Device SDK – Learn More

Overview

You can manage your application's user accounts with the App Services UI, App Services CLI, Admin API, or Realm SDKs.

Delete a User

You can completely remove a user from your application, including any metadata and authentication provider identities. Deleting a user also immediately ends any sessions associated with that user.

Tip

If you don't want to delete the user's account, you can disable their account to temporarily suspend their access.

Manually Delete a User

You can use the App Services UI, CLI, or Admin API to manually remove a user account.

Note

App Services does not automatically delete any data in your linked MongoDB Atlas cluster that you have associated with a deleted user. For example, if your application allows users to create data that linked to a user by including their ID in an owner_id field, deleting the user object does not delete the user-created linked data. To remove all traces of a deleted user, you must manually delete or modify any such documents.

Delete a User in the SDK

You can give users the option to delete their own account from a client application when you use the Realm SDKs to delete users.

Delete a User with a Custom Function

You can write a custom function to delete a user. You might want to do this if your SDK does not yet support the delete users API.

Create a function similar to our example below that uses Application Authentication. You might want to incorporate error handling in the event that the function does not successfully authenticate, or it cannot delete the calling user.

For this example function, we have created values and secrets for the adminApiPublicKey and adminApiPrivateKey. We would then add the Project and Application IDs to the apiUrl.

We can then call this function from the SDK. The example function below does not take any arguments, and deletes the user who calls the function.

Tip

If your app uses Email/Password Authentication, consider that you may want to delete pending users, which involves a second endpoint:

const apiUrl = "https://services.cloud.mongodb.com/api/admin/v3.0/groups/{insert-your-project-id}/apps/{insert-your-app-id}";
exports = async function(){
// This function deletes the user who calls it. It gets this user's ID
// from the user in the function context. This is safer than accepting
// a passed-in user ID, as the user can never delete any other user's account.
const callersUserId = context.user.id
async function adminLogIn() {
   const username = context.values.get("adminApiPublicKey");
   const apiKey = context.values.get("adminApiPrivateKey");
   const response = await context.http.post({
      url: "https://services.cloud.mongodb.com/api/admin/v3.0/auth/providers/mongodb-cloud/login",
      body: {username, apiKey},
      encodeBodyAsJSON: true,
   });
   const body = EJSON.parse(response.body.text());
   return body.access_token;
}
const token = await adminLogIn();
async function deleteUser(_id) {
   await context.http.delete({
      url: `${apiUrl}/users/${_id}`,
      headers: {"Authorization": [`Bearer ${token}`]}
   });
   return _id;
}
return deleteUser(callersUserId);
};

Disable a User

You can temporarily disable a user, which prevents the user from logging in and invalidates any of the user's existing access and refresh tokens. You can enable a disabled user to let them log in again.

Enable a User

You can enable a disabled user to let them log in again.

← Read User Metadata

Manage User Sessions →

Manage User Accounts.css-134mg1q{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.css-6vrlzm{border-radius:0!important;display:initial!important;margin:initial!important;}.css-1l4s55v{margin-top:-175px;position:absolute;padding-bottom:2px;}