Disassociating All Account Authorizations from a User or Group

Function

This API is used to disassociate all account authorizations from a user or group. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/instances/{instance_id}/disassociate-profile

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
instance_id	Yes	String	Globally unique ID of an IAM Identity Center instance.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

**Table 3** Parameters in the request body
Parameter	Mandatory	Type	Description
id	Yes	String	Unique ID of a user or a group.
accessor_type	Yes	String	Type of the principal (a user or a group) to be disassociated.
identity_store_id	Yes	String	Globally ID of the identity source associated with an IAM Identity Center instance.

Response Parameters

Status code: 200

Successful

Status code: 400

**Table 4** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.

Status code: 403

**Table 5** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.
encoded_authorization_message	String	Encrypted error message.

Example Request

Disassociating all account authorizations from a user or group

POST https://{hostname}/v1/instances/{instance_id}/disassociate-profile

{
  "id" : "9190-9834-xxxx",
  "accessor_type" : "USER",
  "identity_store_id" : "d-xxxxxxx"
}