Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Deactivating a user

Written by
Updated at February 10, 2026

To suspend a user’s access to organization resources, you can deactivate the user. Deactivation will terminate all the user's sessions, and the user will lose access to the organization's resources until reactivated.

Note

You can activate and deactivate only federated and local users. You cannot activate or deactivate Yandex account users.

Deactivating a federated user

To deactivate a federated user account:

  1. Log in to Yandex Identity Hub using an administrator or organization owner account.

  2. In the left-hand panel, select Users and find the federated or local user you need.

    Optionally, use the search bar or filter at the top of the page.

  3. In the row with the user, click and select Deactivate.

  4. In the window that opens, confirm deactivation.

    You can also give a reason for account deactivation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deactivating federated users:

    yc organization-manager federation saml suspend-user-accounts --help

  2. Get a list of federations in the organization:

    yc organization-manager federation saml list \
  --organization-id <organization_ID>

    Where --organization-id is the ID of the organization you need the list of federations for.

  3. Get a list of active federation users:

    yc organization-manager federation saml list-user-accounts <federation_ID> \
  --organization-id <organization_ID> \
  --filter active=true

    Where:

    • <federation_ID>: ID of the federation you need the list of users for.
    • --organization-id: ID of the organization the federation belongs to.
    • --filter active=true: Filter to get only active users.

  4. To deactivate users, provide their IDs in this command:

    yc organization-manager federation saml suspend-user-accounts <federation_ID> \
  --subject-ids <user_1_ID>,<user_2_ID>,...,<user_N_ID> \
  --organization-id <organization_ID> \
  --reason <reason_for_deactivation>

    Where:

    • <federation_ID>: ID of the federation to deactivate users in.
    • --subject-ids: List of user IDs for deactivation.
    • --organization-id: ID of the organization the federation belongs to.
    • --reason: Reason for deactivation. This is an optional parameter.

Use the Federation.Suspend REST API method for the Federation resource or the FederationService/Suspend gRPC API call.

Deactivating a local user

To deactivate a local user account:

  1. Log in to Yandex Identity Hub using an administrator or organization owner account.

  2. In the left-hand panel, select Users and find the federated or local user you need.

    Optionally, use the search bar or filter at the top of the page.

  3. In the row with the user, click and select Deactivate.

  4. In the window that opens, confirm deactivation.

    You can also give a reason for account deactivation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command to deactivate a pool user:

    yc organization-manager idp user suspend --help

  2. To get a list of pools in an organization, provide its ID in this command:

    yc organization-manager idp userpool list \
  --organization-id <organization_ID>

    Result:

    +----------------------+--------------+-------------+----------------------+---------------------+
|          ID          |     NAME     | DESCRIPTION |   ORGANIZATION ID    |     CREATED AT      |
+----------------------+--------------+-------------+----------------------+---------------------+
| ek0o6g0irskn******** | sample-pool1 |             | bpf2c65rqcl8******** | 2025-05-17 10:01:04 |
| ek03mf01jr4z******** | sample-pool2 |             | bpf2c65rqcl8******** | 2025-06-28 16:30:23 |
+----------------------+--------------+-------------+----------------------+---------------------+

  3. To get the IDs and other information about pool users, provide the pool ID in the following command:

    yc organization-manager idp user list \
  --userpool-id <user_pool_ID>

    Result:

    +----------------------+----------------------------------------+-----------+----------------------+-----------+---------------------+
|          ID          |                USERNAME                | FULL NAME |     USERPOOL ID      | IS ACTIVE |     CREATED AT      |
+----------------------+----------------------------------------+-----------+----------------------+-----------+---------------------+
| aje3i1gq49n3******** | test-user1@test.ru.idp.yandexcloud.net | User 1    | ek0o6g0irskn******** | true      | 2025-10-07 10:41:54 |
| aje0j5mts02t******** | test-user2@test.ru.idp.yandexcloud.net | User 2    | ek0o6g0irskn******** | false     | 2025-07-16 11:18:57 |
+----------------------+----------------------------------------+-----------+----------------------+-----------+---------------------+

  4. To deactivate a user, provide their ID in this command:

    yc organization-manager idp user suspend <user_ID> \
  --reason <reason_for_deactivation>

    Where --reason is the reason for deactivation. This is an optional parameter.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

  1. Describe the user parameters in the configuration file:

    resource "yandex_organizationmanager_idp_user" "example_user" {
  userpool_id = "<pool_ID>"
  username    = "<username>"
  full_name   = "<full_username>"
  is_active   = false
}

    Where:

    • userpool_id: ID of the pool the user is in.
    • username: Username.
    • full_name: User’s full name.
    • is_active: Activation flag. Set to false to deactivate the user.

    For more information about yandex_organizationmanager_idp_user properties, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.

    3. Run this command:

      terraform plan

      You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.

    4. Apply the changes:

      terraform apply

    5. Type yes and press Enter to confirm the changes.

    Terraform will create all the required resources. You can check the new resources and their settings either in Yandex Identity Hub or using this CLI command:

    yc organization-manager idp user get <user_ID>

Use the User.Suspend REST API method for the User resource or the UserService/Suspend gRPC API call.

See also

Previous
Activating a user
Next
Viewing user logs