In Ory, you can "soft delete" an identity by changing its state to "inactive" rather than permanently deleting it. This approach allows you to disable user login while preserving the identity record. ## Deactivating an Identity You can set an identity's state to "inactive" using the API or SDK. When an identity is inactive, it cannot use self-service flows such as sign-in, and any attempt to sign in will result in a UI error. ### Using the SDK Here's how to change an identity's state using the SDK:

javascript // JavaScript example import { Configuration, IdentityApi } from "@ory/client"   import { JsonPatchOpEnum } from "@ory/client/api"    const identity = new IdentityApi(     new Configuration({       basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,       accessToken: process.env.ORY_API_KEY,     }),   )    export async function setState(     identityId: string,     state: "active" | "inactive",   ) {     return await identity       .patchIdentity({         id: identityId,         jsonPatch: [           {             op: JsonPatchOpEnum.Replace,             value: state,             path: "/state",           },         ],       })       .then(({ data }) => data)   }

go // Go example package identity    import (       "context"       "fmt"       "os"        client "<http://github.com/ory/client-go|github.com/ory/client-go>"   )    var authed = context.WithValue(context.Background(), client.ContextAccessToken, os.Getenv("ORY_API_KEY"))    func init() {       cfg := client.NewConfiguration()       cfg.Servers = client.ServerConfigurations{           {URL: fmt.Sprintf("<https://%s.projects.oryapis.com>", os.Getenv("ORY_PROJECT_SLUG"))},       }        ory = client.NewAPIClient(cfg)   }    func setState(identityId string, state string) (err error) {       _, _, err = ory.IdentityApi.           PatchIdentity(authed, identityId).           JsonPatch([]client.JsonPatch{{Op: "replace", Path: "/state", Value: state}}).Execute()       return err   }

[Ory Identities Model](https://www.ory.sh/docs/identities/model/activate-deactivate-user-login-state) ## Revoking Sessions If you also want to terminate all active sessions for the deactivated identity, you would need to do that as a separate step. The Ory API allows you to delete identity sessions. ## Note on Ory Console Currently, the Ory Console doesn't have a direct button to deactivate an identity, but this functionality is available through the SDK and API as shown above. [GitHub Issue: Disable User and Revoke all sessions](https://github.com/ory/network/issues/415) Remember that this approach is different from permanently deleting an identity, which can be done using the

deleteIdentity

API endpoint or the CLI commands like

ory delete identity

or

kratos delete identity

.

@chilly-king-10285 are there any apis to do that

Yes, there are APIs available to change an identity's state to "inactive" in Ory Kratos. Here are the specific API endpoints you can use: ### 1. Patch Identity API You can use the

PATCH /admin/identities/{id}

endpoint with a JSON Patch operation to change the state:

json [   {     "op": "replace",     "path": "/state",     "value": "inactive"   } ]

This is the most direct way to change an identity's state to inactive, as shown in the Go SDK example from the documentation:

go ory.IdentityApi.   PatchIdentity(authed, identityId).   JsonPatch([]client.JsonPatch{{Op: "replace", Path: "/state", Value: "inactive"}}).Execute()

[Ory Identities Model](https://www.ory.sh/docs/identities/model/activate-deactivate-user-login-state) ### 2. Update Identity API Alternatively, you can use the

PUT /admin/identities/{id}

endpoint to update the entire identity, including changing its state to "inactive". This requires sending the complete identity object with the state field set to "inactive". Both of these API endpoints require authentication with an Ory API key or access token, as indicated in the documentation:

Authentication: * oryAccessToken

When an identity is set to "inactive", it will no longer be able to use self-service flows such as sign-in, effectively "soft deleting" the identity while preserving all its data.