Hi sreehari.vpillai,

This seems to be a topic for a ticket at SAP support. Have you opened one yet?

Best regards,
Ivan

ivan.mirisola I did one now.

https://me.sap.com/cases/002075129500010447152023/overview

Hi sreehari.vpillai,

I'm not exactly a guru on this topic, but I reckon the two solutions might not be as connected as you're thinking. So here's what I'm thinking - even if your Shadow User stays "Active" in your Subaccount, it should no longer be able to access any app if it's "deactivated" in the Cloud Identity Service, seeing as the login process goes through SAP IAS. But please correct me if I've misunderstood your setup. I totally get where you're coming from - a "sync" feature would be awesome... But it seems like - for now - you might have to "deactivate" the user in both areas using API calls or the Cockpit.

All the best,

Martin

martinfrick I was building an API to pull the list of users active in the sub account in a multi tenant scenario . SAP responded to set up a sync service or to manually delete the user from sub account for the API to function. A user deleted / deactivated in the CIS is not automatically synced .

Hi sreehari.vpillai, thanks for the additional context. I somehow missed the incident link... I hope that the API-based deletion approach or a sync via e.g., SAP IPS is a viable alternative for you. Best! Martin