Unassign Role from User

Remove a role from an Office 365 user.

Caution

The Unassign Role from a User doesn't support custom roles. If you try to unassign a custom role using this action card, an error will be returned.

Options

Field Definition Type Required
Role ID Identify the ID of the Office 365 role that will be unassigned to a specified user. Dropdown TRUE
Role Template ID Identify the ID of the Office 365 directoryRoleTemplate on which the role to be unassigned to a specified user is based.

The property must be specified when activating a directory role in a tenant with a POST operation. After the directory role has been activated, the property is read only.

Dropdown TRUE

Input

Field Definition Type Required
User
Id or Username User ID or username of the Office 365 user. This is the user's User Principal Name (UPN). A UPN is formed by taking the username and domain and combining them with the @ separator.

For example, john.doe@somedomain.com. This could be the user’s email address, but this is not true in all cases.

This field displays when Role Template Id is selected in Options.

String TRUE
Role ID Unique ID for the role.

This field displays when Role Id is selected in Options

String TRUE
Role      
Role Template Id ID of the directoryRoleTemplate on which this role is based. The property must be specified when activating a directory role in a tenant with a POST operation. After the directory role has been activated, the property is read only.

This field displays when Role Template Id is selected in Options.

String TRUE
Tip

If the string for the UPN input begins with $, remove the slash / after /users and enclose the UPN value in parentheses and single quotes. For example, /users('$AdeleVance@contoso.com'). See Known issues with Microsoft Graph.

To search for a B2B user using a UPN input value, encode the hash # character as %23. For example, /users/AdeleVance_adatum.com%23EXT%23@contoso.com.

Output

Field Definition Type
Status Code Result of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 201 Created status code indicates success where a new resource was created.
  • A 403 Forbidden error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number

Related topics

Office 365 Admin connector

About the elements of Okta Workflows

Office 365 Admin Management API overview