What's the right way to deactivate and reactivate users with and without SSO?

We are on SonarQube Enterprise 10.1. Even though SonarQube licensing is based on lines of code, internally I need to rebill parts of my company using active user count as a rough proxy. So I wrote a script to deactivate users based on last connection date and/or employee status.

I tested with one user by calling


and it works; however the user is now completely invisible in the admin UI. If I call Create, per the API docs it reactivates the user.

My question is, what’s the right way to do this for SSO users? Should I just remove them from the underlying AD group? The goal is for the app’s Active flag to accurately represent employee and app usage status.

Hey there.

This API endpoint is the right one to call to deactivate any user (SSO or not). Removing the user from the underlying AD group will only have an impact the next time a user logs into SonarQube, but keep reading…

It sounds like you’d be interested in using SCIM if you use a supported identity provider. This supports things like user deletion and group updates without a login event.