## Revoking tokens for deactivated users
When SonarQube authentication is delegated to an external identity provider, deactivating a user on the identity provider side does not remove any tokens associated with the user on the SonarQube side. We recommend deactivating the user in SonarQube at **Administration > Security > Users** by selecting **Deactivate** from the  drop-down menu to ensure tokens associated with that user can no longer be used.
-## Anonymizing users' personal data
-SonarQube offers the possibility to anonymize the data of deactivated users. This comes in handy when you want to ensure that the personal data of past users is not retained, for example, for legal compliance.
+## Delete users' personal information
+SonarQube offers the possibility to anonymize the data of deactivated users. This comes in handy when you want to ensure that the personal data of deactivated users is not retained, for example, for legal compliance.
+
+You can delete a user's personal information by following the steps listed above to revoke tokens for any deactivated users and select the checkbox titled **Delete user’s personal information**.
+
+You can also delete personal information using the API. First, the user needs to be deactivated, then an admin can use the webservice `/api/users/anonymize` and pass to it the login of a deactivated user to replace all personal data of the user with anonymized data. Note that the admin is able to retrieve the logins of deactivated users by using `/api/users/search` endpoint with the appropriate parameter.
-In order to anonymize data, the user first needs to be deactivated. Only then can an admin use the webservice `/api/users/anonymize` and pass to it the login of a deactivated user to replace all personal data of the user with anonymized data. Note that the admin is able to retrieve the (now anonymized) logins of deactivated users by using `/api/users/search` endpoint with the appropriate parameter.
-Deleting user's personal information can also be achieved through UI, by following the steps mentioned in the paragraph above and checking the checkbox titled 'Delete user’s personal information'.
This feature has the following limitations:
-- Anonymizing a user will change its login, making it impossible to reactivate the user by recreating a user with the old login.
+- Deleting the personal information of a user will change its login, making it impossible to reactivate the user by recreating a user with the old login.
- The user’s login may still be stored in issue changelogs and the user’s login, name and email address may still be stored in audit entries. Audit entries are purged by default after 30 days.
+- Deleted users may still appear in the list of authors and other locations due to SCM data.
- Some columns in the database may contain parts of the user's login if the user was created before the instance was upgraded to SonarQube 8.3.
\ No newline at end of file
An Administrator can only create [user tokens](/user-guide/user-token/) on behalf of another user.
Once established, a token is the only credential needed to run an analysis. Tokens should be passed as the value of the `sonar.login` property.
+See the [Authentication overview](/instance-administration/authentication/overview/) for details on
+
+ * revoking tokens for deactivated users.
+ * deleting personal user information.
+
### Token Maximum Lifetime
*The ability to configure a maximum lifetime for tokens is available starting in [Enterprise Edition](https://redirect.sonarsource.com/editions/enterprise.html).*
projects / sonarqube.git / commitdiff