Deactivating and deleting a SAML application in Yandex Identity Hub
Note
This feature is at the Preview stage.
SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.
Deactivate the application
If you need to temporarily disable authentication in an external app using the SAML
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps.
- In the row with the SAML application you want to deactivate, click and select Deactivate.
- In the window that opens, confirm the operation.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
- See the description of the CLI command for deactivating a SAML app:

  yc organization-manager idp application saml application suspend --help

- Run this command:

  yc organization-manager idp application saml application suspend <app_ID>

  Result:

  id: ek0o663g4rs2********
  name: test-saml-app
  organization_id: bpf2c65rqcl8********
  group_claims_settings:
    group_distribution_type: NONE
  status: SUSPENDED
  created_at: "2025-10-21T10:51:28.790866Z"
  updated_at: "2025-10-21T11:28:09.167252Z"
Use the Application.Suspend REST API method for the Application resource or the ApplicationService/Suspend gRPC API call.
As a result, the SAML application will be deactivated and switch to the Suspended status, and the users will no longer be able to use it for authentication in the relevant external app.
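When the suspend command above is scripted, for example as an access kill switch during incident response, it is worth confirming that the returned result actually reports the SUSPENDED status instead of trusting the exit code alone. The following is an added example, not part of the Yandex documentation; the function names are hypothetical, and it assumes the CLI prints the YAML result format shown above.

```shell
#!/bin/sh
# Added example, not Yandex code. Function names are hypothetical; the only CLI
# call is the `suspend` command shown on this page, and the parser assumes the
# YAML result format shown there.

# Read the CLI result on stdin and print the top-level `status:` value.
# Indented (nested) keys are skipped so a nested field cannot be mistaken for it.
saml_status_from_result() {
  awk '/^status:/ { sub(/^status:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }'
}

# Suspend the application; return 0 only when the result reports SUSPENDED.
suspend_and_verify() {
  sv_app_id="${1:-}"
  if [ -z "$sv_app_id" ]; then
    echo "usage: suspend_and_verify <app_ID>" >&2
    return 2
  fi
  # A non-zero exit (for example a missing role or unknown ID) is a failure.
  if ! sv_result="$(yc organization-manager idp application saml application suspend "$sv_app_id")"; then
    echo "suspend command failed for $sv_app_id" >&2
    return 1
  fi
  sv_status="$(printf '%s\n' "$sv_result" | saml_status_from_result)"
  if [ "$sv_status" != "SUSPENDED" ]; then
    echo "unexpected status '${sv_status:-none}' for $sv_app_id" >&2
    return 1
  fi
  echo "$sv_app_id is SUSPENDED"
}

# Run only when an application ID is passed on the command line.
if [ -n "${1:-}" ]; then
  suspend_and_verify "$1"
fi
```

A non-zero return from suspend_and_verify means the application may still accept sign-ins and should be checked in the Identity Hub interface.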
Activate the application
If you need to restore the ability of your organization users to authenticate in an external app using the SAML-based single sign-on, activate the relevant SAML application in Identity Hub:
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps.
- In the row with the SAML application you want to activate, click and select Activate.
- In the window that opens, confirm the operation.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
- See the description of the CLI command for activating a SAML app:

  yc organization-manager idp application saml application reactivate --help

- Run this command:

  yc organization-manager idp application saml application reactivate <app_ID>

  Result:

  id: ek0o663g4rs2********
  name: test-saml-app
  organization_id: bpf2c65rqcl8********
  group_claims_settings:
    group_distribution_type: NONE
  status: ACTIVE
  created_at: "2025-10-21T10:51:28.790866Z"
  updated_at: "2025-10-21T11:28:09.167252Z"
Use the Application.Reactivate REST API method for the Application resource or the ApplicationService/Reactivate gRPC API call.
As a result, the SAML application will be activated and switch to the Active status, and the users added to the application will again be able to use it for authentication in the external app.
Delete the application
To delete a SAML application:
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps.
- In the row with the SAML application you want to delete, click and select Delete.
- In the window that opens, confirm the operation.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
- See the description of the CLI command for deleting a SAML app:

  yc organization-manager idp application saml application delete --help

- Run this command:

  yc organization-manager idp application saml application delete <app_ID>
Use the Application.Delete REST API method for the Application resource or the ApplicationService/Delete gRPC API call.
As a result, the SAML application will be deleted, and the users will no longer be able to use it for authentication in the external app.