Docs Menu

Delete or Prevent Users From Accessing an App

On this page

  • Delete a User
  • Disable a User
  • Enable a User
  • Revoke a User's Sessions

You can completely remove a user from your application, including any metadata and authentication provider identities.


If you don't want to delete the user's account, you can disable their account to temporarily suspend their access.

You can give users the option to delete their own account from a client application when you use the SDK to delete users.


App Services does not automatically delete any data in your linked MongoDB Atlas cluster that you have associated with a deleted user. For example, if your application allows users to create data that linked to a user by including their ID in an owner_id field, deleting the user object does not delete the user-created linked data. To remove all traces of a deleted user, you must manually delete or modify any such documents.

You can temporarily disable a user, which prevents the user from logging in and invalidates any of the user's existing access and refresh tokens. You can enable a disabled user to let them log in again.

You can enable a disabled user to let them log in again.

You can revoke all of a user's current sessions. This invalidates the sessions and prevents the user from making any requests on any device until they log in again.

←  Enable User MetadataAuthentication Providers →
Give Feedback
© 2022 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.