Back to top
Home / Knox Authentication Manager / How-to guides /

Remove a user account

Last updated April 9th, 2025

When a user leaves your enterprise, you may want to remove their Knox Authentication Manager user credentials from your devices. This includes their username, password, PIN, face biometrics, and work app data.

User profiles can be removed if the device user deletes their profile from the Knox Authentication Manager app, when configuring app policies in your UEM console, or if a profile automatically expires after a period of inactivity.

Deleting a user’s profile only removes their user credentials from Knox Authentication Manager.

Delete a user profile

Users can remove their credentials from Knox Authentication Manager by deleting their profile from the app.

If you are a device user, you can delete your profile using the following steps:

  1. In the Knox Authentication Manager menu, tap Delete profile.

  2. Enter your enterprise password and tap Confirm.

  3. On the Delete your profile? pop-up, tap OK.

    Delete profile.

Manually remove a user’s credentials across all devices

You can use the Manually delete user profile policy to completely remove a user’s Knox Authentication Manager credentials from devices in the same sync group as the user.

To delete a user’s credentials from Knox Authentication Manager:

  1. When configuring app policies in your UEM console, enter the Entra ID of the user you wish to remove in the Manually delete user profile policy field.
  2. Push the profile to your devices.

An example of a successful deletion using SOTI MobiControl is shown as follows:

Delete user profile from SOTI MobiControl.

Automatically delete unused profiles

When setting app policies, you can configure unused profiles to be automatically deleted after a period of inactivity. This ensures you won’t have to manually remove user credentials for profiles that aren’t being used anymore.

To set automatic deletion of inactive profiles:

  1. When configuring app policies in your UEM console, in the Auto delete unused profile after (months) policy field, enter the time period after which an inactive profile will be deleted.
    • To set in months, enter any numerical value from 1 — 36. One month is defined as 30 days.
    • To set in days, enter any numerical value from 1 — 1080 and append d to the number (for example, 14d, 28d).
  2. Push the profile to your devices.

If any profile configured in Knox Authentication Manager v1.7 or higher is pushed to devices running older versions of the app, such as v1.6 or lower versions, a default value of 3 months (90 days) is set for the Auto delete unused profile after (months) policy. For more information, see Auto delete unused profile after (months) policy automatically set to 3 months.

On this page

Is this page helpful?