I do not completely understand your question or situation.
When you say that you delete the user I assume that you are doing that in the QMC? Are you deleting both users here?
I am not 100% sure about this. In our situation a user account is created when that user opens the QS URL and logs in. I have not tried this. But I suspect that as long as the user is included in the authorization connector that they could log back in after you deleted them and this would create their account again. So they have to be taken out of the AD group or whatever you are using so that when the next sync occurs they are no longer there and this will not happen.
I suspect what you want to do is block them in the QMC so that they can not login. Then remove the flag or whatever you are using to identify them in your connector as a Qlik user so that they do not sync any longer. Then delete them.
But I honestly am guessing on this.
I'll try to clarify the events I'm seeing:
- User account is created by opening the QS url.
- User's access works fine, until
- UDC, which explicitly looks for that user's ID (not AD group), syncs and then the user is deactivated externally.
- I delete the user in the UDC, then go back to number one.
My goal is to allow only a few users access, hence the explicit whitelisting of a few user IDs. What's weird is that a few other users are included in this same UDC but they aren't deactivated like this one is.
For future reference, the problem ended up being the LDAP filter I had on the user directory connector. I removed the LDAP filter entirely, unchecked the sync existing users flag, and set up security rules based on AD group attributes in the QS user fields, e.g. stream security based on membership in specific AD groups. This has resolved all my user deactivation issues.