
Removing the user from Azure subscription programmatically (C#)


I want to remove the users from Azure subscriptions programmatically.

We have a lot of ways on the web to remove the AAD user, but I could not find a source to remove the users from Azure subscriptions.

Can we remove the user from Azure subscriptions programmatically?

How can we do this?


Solution

  • Finally I found the answer. We have to do multiple steps to remove the user from the subscription.

    Before we start implementing the steps below, you need to create a client ID and client secret and create an auth token using that client ID and secret.

    First, I fetch all the users with the GET API below. Here is the URL for reference.

    An example GET method URL for the above reference is: https://management.azure.com/subscriptions/{your subscription id here}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01

    The above URL will fetch every user's principal ID (user GUID) and RoleAssignmentID.

    Then you can delete the specific user you want. The same URL above has a reference for removing the user from the subscription.

    An example DELETE method URL for the above reference is: https://management.azure.com//subscriptions/{your subscription id here}/providers/Microsoft.Authorization/roleAssignments/{User role Assignment id}/providers/Microsoft.Authorization/roleAssignments/{User role Assignment id}?api-version=2015-07-01

    You can find the role assignment id from the first step.

    Extra information: The first step will fetch the principal ID and role ID, but if you need other information about the user (e.g. email ID, name, etc.) you can use the Graph API to fetch all information about the user. Here is the URL for reference.

    Before calling this API, you need to create another auth token (which is different from the auth token above) for this.

    https://graph.windows.net/{your tenant id}/getObjectsByObjectIds?api-version=1.6
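The list-then-delete procedure from the answer, as an added C# example (not the answerer's code). It assumes a bearer token for management.azure.com is already in hand, that each list entry carries `id` and `properties.principalId`, and that the returned `id` can be used directly as the DELETE path; `SubscriptionAccess`, `Select` and `RemoveAsync` are illustrative names. It defaults to a dry run and skips assignments inherited from outside the subscription.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class SubscriptionAccess
{
    const string Arm = "https://management.azure.com";
    const string Api = "api-version=2015-07-01"; // version used in the answer above

    // Ids of principalId's role assignments at or below the subscription; inherited ones are skipped.
    public static List<string> Select(string listJson, string subId, string principalId)
    {
        var ci = StringComparison.OrdinalIgnoreCase;
        var ids = new List<string>();
        using var doc = JsonDocument.Parse(listJson);
        foreach (var ra in doc.RootElement.GetProperty("value").EnumerateArray())
        {
            var id = ra.GetProperty("id").GetString() ?? "";
            var who = ra.GetProperty("properties").GetProperty("principalId").GetString();
            if (id.StartsWith($"/subscriptions/{subId}/", ci) && string.Equals(who, principalId, ci))
                ids.Add(id);
        }
        return ids;
    }

    // token: ARM bearer token (obtained as the answer describes). Assumes one response page (no nextLink).
    public static async Task RemoveAsync(string token, string subId, string principalId, bool dryRun = true)
    {
        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        var json = await http.GetStringAsync(
            $"{Arm}/subscriptions/{subId}/providers/Microsoft.Authorization/roleAssignments?{Api}");
        foreach (var id in Select(json, subId, principalId))
        {
            Console.WriteLine($"{(dryRun ? "would delete" : "deleting")} {id}");
            if (!dryRun) (await http.DeleteAsync($"{Arm}{id}?{Api}")).EnsureSuccessStatusCode();
        }
    }

    static void Main()
    {
        // Constructed sample (placeholder ids): one subscription-level and one inherited assignment.
        var json = ("{'value':[{'id':'/subscriptions/SUB/providers/Microsoft.Authorization/roleAssignments/RA1',"
            + "'properties':{'principalId':'USER'}},{'id':'/providers/Microsoft.Management/managementGroups/MG"
            + "/providers/Microsoft.Authorization/roleAssignments/RA2','properties':{'principalId':'USER'}}]}").Replace('\'', '"');
        Console.WriteLine(string.Join("\n", Select(json, "SUB", "USER")));
    }
}
```

Review the dry-run output before calling `RemoveAsync` with `dryRun: false`, since a principal can hold several assignments (for example at resource-group scope) and each one is removed separately.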