Delete Policy for Service Principal

By default, the connector deletes the application object along with the service principal. If you want to retain the corresponding application and only delete the service principal, you can use one of the following methods:

  • Use Delete Policy for Service Principal

    • Set the retainSPNAppAfterDelete attribute to true as a map attribute, as shown in the following example:

      <ProvisioningPlan>
        <AccountRequest application="AzureAD-SPN" nativeIdentity="ab69ab59-2935-412c-bd8d-772bbe82aaa7:dc404c70-7f4e-49ca-a223-0cee4ef75b4f" op="Delete">
          <Attributes>
            <Map>
              <entry key="retainSPNAppAfterDelete" value="true"/>
            </Map>
          </Attributes>
        </AccountRequest>
      </ProvisioningPlan>
    • Set the retainSPNAppAfterDelete attribute to true in the attribute requests as shown in the following example:

      <ProvisioningPlan>
        <AccountRequest application="AzureAD-SPN" nativeIdentity="ab69ab59-2935-412c-bd8d-772bbe82aaa7:dc404c70-7f4e-49ca-a223-0cee4ef75b4f" op="Delete">
          <AttributeRequest name="retainSPNAppAfterDelete" op="Add">
            <Value>
              <Boolean>true</Boolean>
            </Value>
          </AttributeRequest>
        </AccountRequest>
      </ProvisioningPlan>
  • Use the following application-level flag by adding it to the application Debug page (this setting can be applied for all delete requests):

    <entry key="retainSPNAppAfterDelete" value="true"/>
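
Because the default delete also removes the application object, it can be useful to check a plan before it is executed. The following is an added example, not part of the connector or its documentation: a Python check that reports, for each Delete request in a ProvisioningPlan, which of the forms above (if any) sets retainSPNAppAfterDelete to true. The sample plan, its nativeIdentity values, and the function names are constructed for illustration; treating the application-level flag as a fallback for requests that carry no flag of their own is an assumption.

```python
import xml.etree.ElementTree as ET

FLAG = "retainSPNAppAfterDelete"

# Constructed sample plan: one delete with the flag as a map attribute, one with
# it as an attribute request, one without it. nativeIdentity values are placeholders.
SAMPLE_PLAN = """
<ProvisioningPlan>
  <AccountRequest application="AzureAD-SPN" nativeIdentity="spn-1:app-1" op="Delete">
    <Attributes><Map><entry key="retainSPNAppAfterDelete" value="true"/></Map></Attributes>
  </AccountRequest>
  <AccountRequest application="AzureAD-SPN" nativeIdentity="spn-2:app-2" op="Delete">
    <AttributeRequest name="retainSPNAppAfterDelete" op="Add">
      <Value><Boolean>true</Boolean></Value>
    </AttributeRequest>
  </AccountRequest>
  <AccountRequest application="AzureAD-SPN" nativeIdentity="spn-3:app-3" op="Delete"/>
</ProvisioningPlan>
"""

def _is_true(text):
    return (text or "").strip().lower() == "true"

def retain_source(request):
    """Return where the flag is set to true on one AccountRequest, or None."""
    for entry in request.findall("./Attributes/Map/entry"):
        if entry.get("key") == FLAG and _is_true(entry.get("value")):
            return "map attribute"
    for attr in request.findall("./AttributeRequest"):
        if attr.get("name") == FLAG and _is_true(attr.findtext("./Value/Boolean")):
            return "attribute request"
    return None

def audit_deletes(plan_xml, app_level_flag=False):
    """Map each Delete request's nativeIdentity to the reason the application
    object is retained, or to None when the default (delete both) applies."""
    result = {}
    for request in ET.fromstring(plan_xml.strip()).iter("AccountRequest"):
        if request.get("op") != "Delete":
            continue
        source = retain_source(request)
        if source is None and app_level_flag:  # assumed fallback, see lead-in
            source = "application-level flag"
        result[request.get("nativeIdentity")] = source
    return result

if __name__ == "__main__":
    for identity, source in audit_deletes(SAMPLE_PLAN).items():
        print(identity, "->", source or "application object will also be deleted")
```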