User lifecycle
Portal logins move through a defined set of states. Understanding this prevents confusion when a deletion appears to be stuck or takes longer than expected.
States
| Status | What it means |
|---|---|
| Active | The user can sign in to the portal |
| Inactive | The user cannot sign in. The login record is retained. Can be reactivated. |
| PendingDelete | Deletion has been requested. The system is checking whether the user can be safely removed. |
| ToBeDeleted | All checks have passed. The record will be physically deleted within 24 hours. Cannot be reversed. |
State transitions
Active ──► Deactivate Login ──► Inactive
│                                │
│                         Activate Login
│                                │
│◄───────────────────────────────┘

Active ──► Delete Login ──► PendingDelete ──► (checks pass) ──► ToBeDeleted ──► Deleted
                                  │
                             Undo Delete
                                  │
                               Active
Why deletion takes time
When you request deletion of a portal login, Portal Connect does not delete the record immediately. Instead it moves to PendingDelete and the system checks whether the user can safely be removed.
Every 60 minutes, the background housekeeping job checks each PendingDelete login and asks every installed consumer application: "Can this login be deleted?" A consumer application blocks deletion if the user has open or unresolved work - for example, an unsubmitted expense report in Expense Management.
If deletion is blocked, a message appears on the portal explaining why. You can view these messages from the AppsForDynamics365 Logins page using the Show Messages action on the login.
Once the consumer application clears the user (for example, once open expense reports are submitted), the next housekeeping run advances the login to ToBeDeleted, and the record is physically deleted within 24 hours.
What you can do
| Situation | Action |
|---|---|
| User is leaving but has open work | Deactivate the login immediately (blocks portal access); delete once the work is resolved |
| Deletion is blocked | View the blocking message; resolve the issue in the relevant application; the system will retry automatically |
| Deletion was requested by mistake | Use Undo Delete on the login - this returns the login to Active status |
| You need access removed immediately | Use Deactivate Login - this blocks portal access at once without going through the deletion process |
Housekeeping runs automatically
The checks described above run every hour as a background job. You do not need to trigger anything manually. If a login has been in PendingDelete for more than 7 days without being resolved, a warning is logged to the system telemetry - this usually indicates that a consumer application has not released the user and should be investigated.
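The hourly consumer check from "Why deletion takes time" and the 7-day warning above, modelled in Python as an added example; this is not Portal Connect's own code. The `Login` fields, the consumer callback shape and allowing Delete Login from Inactive are assumptions made for the model.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional

class Status(Enum):
    ACTIVE = "Active"
    INACTIVE = "Inactive"
    PENDING_DELETE = "PendingDelete"
    TO_BE_DELETED = "ToBeDeleted"

# Manual actions from the diagram. ToBeDeleted has no exit: it cannot be reversed.
# Assumption: Delete Login is also accepted from Inactive (deactivate first, delete later).
ALLOWED = {
    ("Deactivate Login", Status.ACTIVE): Status.INACTIVE,
    ("Activate Login", Status.INACTIVE): Status.ACTIVE,
    ("Delete Login", Status.ACTIVE): Status.PENDING_DELETE,
    ("Delete Login", Status.INACTIVE): Status.PENDING_DELETE,
    ("Undo Delete", Status.PENDING_DELETE): Status.ACTIVE,
}
STALE_AFTER = timedelta(days=7)  # warning threshold stated on this page

@dataclass
class Login:
    user: str
    status: Status = Status.ACTIVE
    pending_since: Optional[datetime] = None
    messages: list = field(default_factory=list)

def apply_action(login, action, now):
    key = (action, login.status)
    if key not in ALLOWED:
        raise ValueError(f"{action} is not allowed from {login.status.value}")
    login.status = ALLOWED[key]
    login.pending_since = now if login.status is Status.PENDING_DELETE else None

def housekeeping_run(logins, consumers, now):
    """One hourly pass. Returns users blocked in PendingDelete beyond STALE_AFTER."""
    stale = []
    for login in logins:
        if login.status is not Status.PENDING_DELETE:
            continue
        # Each consumer returns a blocking message, or None to allow deletion.
        login.messages = [m for c in consumers if (m := c(login.user))]
        if not login.messages:
            login.status = Status.TO_BE_DELETED
        elif now - login.pending_since > STALE_AFTER:
            stale.append(login.user)
    return stale
```

The list returned by `housekeeping_run` corresponds to the logins that would trigger the telemetry warning and need follow-up with the blocking application.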