Deleting synced users
You can delete unwanted LDAP users synced to FortiDLP via the FortiDLP Console.
You can manually delete a user in the Users module for any reason, for example, to remove a user's personal information when they leave your company.
When you delete a user, you remove their directory information and labels. Additionally, you remove all references to the user, such as where they are associated with events, detections, incidents, and nodes. To indicate a user was historically associated with an event, the text "[DELETED]" will replace the user's details.
A deleted user can be manually restored via the api/v1/admin/users/restore FortiDLP API endpoint. Once they are restored, they will be set to the state "Archived (never enrolled)", and they then need to be re-synced or re-imported to FortiDLP so that they will be unarchived and re-associated with their events.
For instructions on how to do this, see Deleting users in the FortiDLP Administration Guide.