Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Deactivating and deleting an OIDC application in Yandex Identity Hub

Written by
Updated at November 12, 2025

Note

This feature is at the Preview stage.

OIDC apps can be managed by users with the organization-manager.oauthApplications.admin role or higher.

Deactivate the application

If you need to temporarily disable authentication in an external app using the OpenID Connect (OIDC) single sign-on for your organization’s users, deactivate the relevant OIDC application in Identity Hub:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. Next to the OIDC application you want to deactivate, click and select Deactivate.
  4. In the window that opens, confirm the operation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deactivating an OIDC app:

    yc organization-manager idp application oauth application suspend --help

  2. Run this command:

    yc organization-manager idp application oauth application suspend <app_ID>

    Result:

    id: ek0o663g4rs2********
name: test-oidc-app
organization_id: bpf2c65rqcl8********
group_claims_settings:
  group_distribution_type: NONE
client_grant:
  client_id: ajeqqip130i1********
  authorized_scopes:
    - openid
status: SUSPENDED
created_at: "2025-10-21T10:51:28.790866Z"
updated_at: "2025-10-21T11:28:09.167252Z"

This will deactivate the OIDC application and switch its status to Suspended, and the users will no longer be able to use it for authentication in the relevant external app.

Activate the application

If you need to restore the ability of your organization’s users to authenticate in an external app using the OIDC single sign-on, activate the OIDC application in Identity Hub:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. Next to the OIDC application you want to activate, click and select Activate.
  4. In the window that opens, confirm the operation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for activating an OIDC app:

    yc organization-manager idp application oauth application reactivate --help

  2. Run this command:

    yc organization-manager idp application oauth application reactivate <app_ID>

    Result:

    id: ek0o663g4rs2********
name: test-oidc-app
organization_id: bpf2c65rqcl8********
group_claims_settings:
  group_distribution_type: NONE
client_grant:
  client_id: ajeqqip130i1********
  authorized_scopes:
    - openid
status: ACTIVE
created_at: "2025-10-21T10:51:28.790866Z"
updated_at: "2025-10-21T11:28:09.167252Z"

This will activate the OIDC application, switch its status to Active, and enable the users added to the application to use it for authentication in the external app again.

Delete the application

To delete an OIDC application:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. Next to the OIDC application you want to delete, click and select Delete.
  4. In the window that opens, confirm the operation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deleting an OIDC app:

    yc organization-manager idp application oauth application delete --help

  2. Run this command:

    yc organization-manager idp application oauth application delete <app_ID>

This will delete the OIDC application, and the users will no longer be able to use it for authentication in the external app.

See also

Previous
Getting app information
Next
Creating an MFA policy