PingOne Advanced Identity Cloud MCP Server

Official

by pingidentity

Overview Schema Related Servers Score Discussions

TypeScript

Hybrid

Delete Managed Object

deleteManagedObject

Destructive

Delete a managed object by its type and ID from PingOne Advanced Identity Cloud. Provide the object type (like alpha_user) and unique identifier to permanently remove it.

Instructions

Delete a managed object by ID from PingOne AIC

Input Schema

TableJSON Schema

Name	Required	Description	Default
`objectType`	Yes	Managed object type (e.g., alpha_user, bravo_user, alpha_role, bravo_role, alpha_group, bravo_group, alpha_organization, bravo_organization). Use listManagedObjects to discover all available types.
`objectId`	Yes	The object's unique identifier (_id)

Implementation Reference

src/tools/managedObjects/deleteManagedObject.ts:12-44 (handler)

The handler for the deleteManagedObject tool. It sends a DELETE request to /openidm/managed/{objectType}/{objectId} and returns a success message or error.

export const deleteManagedObjectTool = {
  name: 'deleteManagedObject',
  title: 'Delete Managed Object',
  description: 'Delete a managed object by ID from PingOne AIC',
  scopes: SCOPES,
  annotations: {
    destructiveHint: true,
    openWorldHint: true
  },
  inputSchema: {
    objectType: z
      .string()
      .min(1)
      .describe(
        `Managed object type (e.g., ${EXAMPLE_TYPES_STRING}). Use listManagedObjects to discover all available types.`
      ),
    objectId: safePathSegmentSchema.describe("The object's unique identifier (_id)")
  },
  async toolFunction({ objectType, objectId }: { objectType: string; objectId: string }) {
    const url = `https://${aicBaseUrl}/openidm/managed/${objectType}/${objectId}`;

    try {
      const { response } = await makeAuthenticatedRequest(url, SCOPES, {
        method: 'DELETE'
      });

      const successMessage = `Deleted managed object ${objectId} from ${objectType}`;
      return createToolResponse(formatSuccess(successMessage, response));
    } catch (error: any) {
      return createToolResponse(`Failed to delete managed object: ${error.message}`);
    }
  }
};

src/tools/managedObjects/deleteManagedObject.ts:21-29 (schema)

Input schema for the tool: objectType (string, min 1) and objectId (validated via safePathSegmentSchema to prevent path traversal).

inputSchema: {
  objectType: z
    .string()
    .min(1)
    .describe(
      `Managed object type (e.g., ${EXAMPLE_TYPES_STRING}). Use listManagedObjects to discover all available types.`
    ),
  objectId: safePathSegmentSchema.describe("The object's unique identifier (_id)")
},

src/index.ts:27-44 (registration)

All tools (including deleteManagedObject) are registered with the MCP server via server.registerTool() in a generic loop that iterates allTool objects.

allTools.forEach((tool) => {
  const toolConfig: ToolConfig = {
    title: tool.title,
    description: tool.description
  };

  // Only add inputSchema if it exists (some tools like getLogSources don't have one)
  if ('inputSchema' in tool && tool.inputSchema) {
    toolConfig.inputSchema = tool.inputSchema;
  }

  // Add annotations if present
  if ('annotations' in tool && tool.annotations) {
    toolConfig.annotations = tool.annotations;
  }

  server.registerTool(tool.name, toolConfig, tool.toolFunction as any);
});

src/tools/managedObjects/index.ts:8-8 (registration)
Re-exports deleteManagedObjectTool from the managedObjects index, which is then imported by toolHelpers.ts.
```
export { deleteManagedObjectTool } from './deleteManagedObject.js';
```

src/utils/apiHelpers.ts:14-42 (helper)

The makeAuthenticatedRequest helper used by the handler to make authenticated HTTP DELETE requests to the PingOne AIC API.

export async function makeAuthenticatedRequest(
  url: string,
  scopes: string[],
  options: RequestInit = {}
): Promise<{ data: unknown; response: Response }> {
  const token = await getAuthService().getToken(scopes);

  const response = await fetch(url, {
    ...options,
    headers: {
      Authorization: `Bearer ${token}`,
      'User-Agent': USER_AGENT,
      // Only add Content-Type header if the request has a body
      ...(options.body && { 'Content-Type': 'application/json' }),
      ...options.headers
    }
  });

  if (!response.ok) {
    const errorBody = await response.text();
    throw new Error(formatError(response, errorBody));
  }

  // Handle empty responses (e.g., 204 No Content or DELETE operations)
  const contentLength = response.headers.get('content-length');
  const data = response.status === 204 || contentLength === '0' ? null : await response.json();

  return { data, response };
}

Tool Definition Quality

A3.7/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already provide destructiveHint: true and openWorldHint: true. The description merely repeats the destructive nature ('Delete') without adding additional behavioral context such as error states, required permissions, or side effects.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single concise sentence that conveys essential information. While it lacks a front-loaded structure, it is efficient and contains no extraneous words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple delete operation with two well-documented parameters and annotations covering destructive behavior, the description is sufficient. It does not explain return values (no output schema) but that is not critical for a delete tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Both parameters have detailed descriptions in the schema (100% coverage), including examples and a suggestion to use listManagedObjects. The tool's description adds no additional meaning beyond what the schema already provides.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Delete'), the resource ('managed object'), and the means ('by ID'). It distinguishes from sibling tools that target different resources (e.g., deleteJourney, deleteManagedObjectDefinition).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description does not explicitly state when to use this tool vs alternatives, but the schema description for objectType provides indirect guidance to use listManagedObjects for discovering types. No explicit exclusions or context are given.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pingidentity/aic-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server