diff --git a/content/en/docs/apidocs-mxsdk/apidocs/governance/user-deactivation-api.md b/content/en/docs/apidocs-mxsdk/apidocs/governance/user-deactivation-api.md
new file mode 100644
index 00000000000..a86234e27a5
--- /dev/null
+++ b/content/en/docs/apidocs-mxsdk/apidocs/governance/user-deactivation-api.md
@@ -0,0 +1,79 @@
+---
+title: "User Deactivation API"
+linktitle: "User Deactivation API"
+url: /apidocs-mxsdk/apidocs/user-deactivation-api/
+type: swagger
+description: "The User Deactivation API allows Mendix Admins to deactivate users within their company on the Mendix Platform."
+restapi: true
+weight: 112
+---
+
+{{% alert color="warning" %}}
+The User Deactivation API is available for Mendix Admins.
+{{% /alert %}}
+
+## Introduction
+
+The User Deactivation API allows Mendix admins to deactivate users within their company on the Mendix Platform. You can use this API as part of your implementation of Joiner, Mover, and Leaver (JML) processes, for example, deactivation of users can be used to revoke access to the Mendix platform for certain 'movers' and for 'leavers'. In this way the API may help your company to comply with its access policies.
+
+Note that this API only manages access to Mendix as a development platform. If you need to implement JML processes for end-users in your Mendix apps, it is recommended to add the [SCIM](/appstore/modules/scim/) module to your applications.
+
+Once you have deactivated users, they will no longer be able to log in to the Mendix platform or use the Mendix platform API with a Personal Access Token (PAT).
+
+As an alternative, you can use this API to deactivate platform users, instead of the deprecated User Management API.
+
+## Authentication
+
+Authentication for the User Deactivation API uses a personal access token (PAT).
+
+### Generating a PAT
+
+To generate a PAT, see the [Personal Access Tokens](/community-tools/mendix-profile/user-settings/#pat) section of *User Settings*.
+
+Select the following as **User Deactivation API** scopes:
+
+* `mx:user-deactivation:write` – to deactivate users
+
+Store the generated value `{GENERATED_PAT}` somewhere safe so you can use it to authorize your User Deactivation API.
+
+### Using the PAT
+
+Each request must contain an `Authorization` header with the value `MxToken {GENERATED_PAT}`. Here is an example:
+
+```http
+PATCH /v1/platform-users/{uuid} HTTP/1.1
+Authorization: MxToken EKNJ…vk
+```
+
+To authenticate calls when using the Open API specification below, click **Authorize** and use the value `MxToken {GENERATED_PAT}`.
+
+## Prerequisites
+
+You must have the UserID of the user you want to deactivate. Follow the steps below to retrieve the UUID of the user:
+
+1. The Mendix Administrator creates a Personal Access Token (PAT) via the Developer Portal, with the following scope:
+`mx:mxid3:user-identifiers:uuid:read`
+2. Invoke the User Identifier API to fetch the UUID based on the user's email address, using the PAT generated in the above step.
+
+## Examples
+
+### Using the API to Deactivate User
+
+{{% alert color="info" %}}Only Mendix Admins from the company have the authority to deactivate users.{{% /alert %}}
+
+The following steps lead to deactivating the user based on the UUID provided as in {UUID}:
+
+1. Set up your authentication PAT. You must be a Mendix Admin.
+1. Create a request body containing the active status, and provide a body like this:
+
+ ```json
+ {
+ "active" : false
+ }
+ ```
+
+1. Call `PATCH /v1/platform-users/{UUID}` to deactivate the User with the provided {UUID}.
+
+## API Reference
+
+{{< swaggerui src="/openapi-spec/user-deactivation-api.yaml" >}}
\ No newline at end of file
diff --git a/content/en/docs/apidocs-mxsdk/apidocs/governance/user-management-api.md b/content/en/docs/apidocs-mxsdk/apidocs/governance/user-management-api.md
index bed38e7a6de..ea7f29e5234 100644
--- a/content/en/docs/apidocs-mxsdk/apidocs/governance/user-management-api.md
+++ b/content/en/docs/apidocs-mxsdk/apidocs/governance/user-management-api.md
@@ -13,6 +13,8 @@ deprecated: true
This API is deprecated. If you are currently using this API or intend to start using it, please look at, and contribute to [this idea in the Mendix Community](https://community.mendix.com/link/space/user-experience/ideas/3962). This will allow us to understand your use case and will help us to prioritize a new API that is fit for purpose.
Alternatively, you can consider using the [Projects API](/apidocs-mxsdk/apidocs/projects-api/), which provides functionality to manage project memberships for platform users. Although it does not fully cover all kinds of platform users, it can still serve as a viable option for many use cases. Additionally, if you are using BYOIDP, you can restrict platform access to a designated group of users by creating a Mendix platform users group in your IdP. For more information, see [Set Up an SSO (BYOIDP)](/control-center/security/set-up-sso-byoidp/).
+
+You can also consider using the [User Deactivation API](/apidocs-mxsdk/apidocs/user-deactivation-api/) that allows Mendix admins to deactivate users within their company on the Mendix Platform.
{{% /alert %}}
The User Management API allows your company's user management systems to integrate with the Mendix Platform. Through this API, you can create and manage user accounts in your company. Additionally you can create and manage groups. In the Mendix Platform, you can define group policies for groups which grant access to your company's applications to their members.
diff --git a/content/en/docs/community-tools/mendix-profile/user-settings.md b/content/en/docs/community-tools/mendix-profile/user-settings.md
index e9059e3ba5c..16d319f8622 100644
--- a/content/en/docs/community-tools/mendix-profile/user-settings.md
+++ b/content/en/docs/community-tools/mendix-profile/user-settings.md
@@ -209,6 +209,7 @@ The following Mendix services support usage of PATs:
* [Catalog API](/apidocs-mxsdk/apidocs/catalog-apis/)
* [App Repository API](/apidocs-mxsdk/apidocs/app-repository-api/)
* [Projects API](/apidocs-mxsdk/apidocs/projects-api/)
+* [User Deactivation API](/apidocs-mxsdk/apidocs/user-deactivation-api/)
#### Creating a PAT {#create-pat}
diff --git a/static/openapi-spec/user-deactivation-api.yaml b/static/openapi-spec/user-deactivation-api.yaml
new file mode 100644
index 00000000000..3cae173b775
--- /dev/null
+++ b/static/openapi-spec/user-deactivation-api.yaml
@@ -0,0 +1,204 @@
+openapi: 3.0.0
+info:
+ version: 1.0.0
+ title: User Deactivation API
+ description: The API allows a Mendix Admin to deactivate user of company by providing UUID of the user.
+ termsOfService: 'https://www.mendix.com/terms-of-use/'
+ contact:
+ name: Mendix Support
+ url: 'https://support.mendix.com'
+ email: support@mendix.com
+servers:
+ - url: 'https://users-status-api.home-test.mendix.com/v1'
+paths:
+ '/platform-users/{uuid}':
+ patch:
+ tags:
+ - User Deactivation API
+ summary: Deactivate the user based on UUID provided
+ description: This API deactivates user of the company based on the UUID provided as parameter
+ operationId: user-deactivation-api
+ parameters:
+ - name: uuid
+ in: path
+ description: UUID of the user
+ required: true
+ schema:
+ type: string
+ pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
+ minLength: 36
+ maxLength: 36
+ example: c5f3afba-cc28-4f56-b922-1e606807bed4
+ requestBody:
+ description: |-
+ Request payload containing the Active attribute. It should be false to deactivate the user
+ Note: The API only allows 'false' as value
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/requestPayload'
+ examples:
+ requestPayload:
+ value:
+ active: false
+ responses:
+ '204':
+ description: No Content
+ '400':
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/error'
+ examples:
+ payloadNotJSON:
+ value:
+ error:
+ code: 400
+ message: 'Error parsing JSON. com.mendix.systemwideinterfaces.core.UserException: A problem occurred parsing attribute ''Active'' of object of type ''CompanyService.PatchUserRequest''. The value was ''fal''. This isn''t allowed by the schema.'
+ invalidPayload:
+ value:
+ error:
+ message: The request data did not validate
+ detail: Request payload is invalid.
+ code: 400
+ instance: 'urn:uuid:d18fb790-05e7-4cd1-8f36-31326a894778'
+ '401':
+ description: Unauthorized
+ content:
+ application/json:
+ schema:
+ oneOf:
+ - $ref: '#/components/schemas/error'
+ - $ref: '#/components/schemas/patError'
+ examples:
+ invalidAccessToken:
+ value:
+ error:
+ message: Unauthorized
+ detail: Access token is non-existent or expired.
+ code: 401
+ instance: 'urn:uuid:766f0ee2-e9a2-445b-bbc5-93dfdc5b5d22'
+ wrongPATtoken:
+ value: Supplied personal access token is invalid.
+ emptyToken:
+ value:
+ error:
+ message: Unauthorized
+ detail: No access token provided in the request.
+ code: 401
+ instance: 'urn:uuid:6472756a-a65a-4a32-8ff7-372d5deef7f5'
+ '403':
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/error'
+ examples:
+ requestorNotAdmin:
+ summary: 403 Forbidden wrong admin
+ value:
+ error:
+ message: Forbidden
+ detail: Requestor is not Mendix Admin for the company
+ code: 403
+ instance: 'urn:uuid:0e5d5395-da05-4f27-86b3-cc5e559af5ab'
+ personDeactivatingHimself:
+ summary: 403 member Cannot deactivate Himself
+ value:
+ error:
+ message: Forbidden
+ detail: '{"status":403,"title":"Forbidden","detail":"Member cannot (de)active himself"}'
+ code: 403
+ instance: 'urn:uuid:9d13b5a2-47be-495d-a4f8-321de86b7e47'
+ forbiddenScope:
+ value:
+ error:
+ message: Forbidden
+ detail: Access token does not include the required scope.
+ code: 403
+ instance: 'urn:uuid:0cbe900c-6656-447d-8e51-54097cdfcd65'
+ '500':
+ description: Internal Server Error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/error'
+ examples:
+ InternalServerError:
+ value:
+ error:
+ message: Internal Server Error
+ detail: Internal Server error
+ code: 500
+ instance: 'urn:uuid:dab1c9ba-1b2a-423a-8a56-4f627a571740'
+ '503':
+ description: Service Unavailable
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ requestId:
+ type: string
+ x-examples:
+ Example 1:
+ message: failure to get a peer from the ring-balancer
+ request_id: 960c04249094f36ecf89252924e61571
+ examples:
+ ServerUnavailable:
+ value:
+ message: failure to get a peer from the ring-balancer
+ request_id: 960c04249094f36ecf89252924e61571
+ security:
+ - PersonalAccessToken: []
+ servers:
+ - url: 'https://users-status-api.home-test.mendix.com/v1'
+ description: ''
+components:
+ securitySchemes:
+ PersonalAccessToken:
+ type: apiKey
+ description: 'For more information about requesting and using a token see [Create a Personal Access Token with Warden](https://docs.mendix.com/developerportal/community-tools/warden).
The header must be set to `MxToken `'
+ name: Authorization
+ in: header
+ schemas:
+ requestPayload:
+ type: object
+ description: The payload format
+ properties:
+ active:
+ type: boolean
+ x-examples:
+ Example 1:
+ active: false
+ error:
+ type: object
+ properties:
+ error:
+ type: object
+ properties:
+ message:
+ type: string
+ detail:
+ type: string
+ code:
+ type: integer
+ instance:
+ type: string
+ x-examples:
+ Example 1:
+ error:
+ message: Unauthorized
+ detail: Access token is non-existent or expired.
+ code: 401
+ instance: 'urn:uuid:766f0ee2-e9a2-445b-bbc5-93dfdc5b5d22'
+ patError:
+ type: string
+ title: patError
+ x-examples:
+ WrongPATToken: Supplied personal access token is invalid.
+security:
+ - PersonalAccessToken: []