diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a9344f0f7..b2c74433e 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -122,6 +122,14 @@ class UsersController < ApplicationController
     end
   end
 
+  def delete_confirmation
+    authorize @user
+  end
+
+  def delete
+    authorize @user
+  end
+
 private
 
   def validate_attributes
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index a4b1a3d5c..31637e701 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -33,4 +33,12 @@ class UserPolicy
       (@current_user == @user || @current_user.data_coordinator? || @current_user.support?) && @user.active?
     end
   end
+
+  def delete_confirmation?
+    current_user.support?
+  end
+
+  def delete?
+    current_user.support?
+  end
 end
diff --git a/app/views/users/delete_confirmation.html.erb b/app/views/users/delete_confirmation.html.erb
new file mode 100644
index 000000000..46b94d54d
--- /dev/null
+++ b/app/views/users/delete_confirmation.html.erb
@@ -0,0 +1,24 @@
+<% content_for :before_content do %>
+  <% content_for :title, "Are you sure you want to delete this user?" %>
+  <%= govuk_back_link(href: :back) %>
+<% end %>
+
+<div class="govuk-grid-row">
+  <div class="govuk-grid-column-two-thirds-from-desktop">
+    <span class="govuk-caption-xl">Delete <%= @user.name %></span>
+    <h1 class="govuk-heading-xl">
+      <%= content_for(:title) %>
+    </h1>
+
+    <%= govuk_warning_text(text: "You will not be able to undo this action.") %>
+
+    <div class="govuk-button-group">
+      <%= govuk_button_to(
+        "Delete this user",
+        delete_user_path(@user),
+        method: :delete,
+      ) %>
+      <%= govuk_button_link_to "Cancel", user_path(@user), html: { method: :get }, secondary: true %>
+    </div>
+  </div>
+</div>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index f0f497291..79dcf0a04 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -129,6 +129,8 @@ Rails.application.routes.draw do
       get "deactivate", to: "users#deactivate"
       get "reactivate", to: "users#reactivate"
       post "resend-invite", to: "users#resend_invite"
+      get "delete-confirmation", to: "users#delete_confirmation"
+      delete "delete", to: "users#delete"
     end
   end
 
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index ddc457f6c..3f8b59d98 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -103,6 +103,13 @@ RSpec.describe UsersController, type: :request do
         expect(response).to redirect_to(new_user_session_path)
       end
     end
+
+    describe "#delete-confirmation" do
+      it "redirects to the sign in page" do
+        get "/users/#{user.id}/delete-confirmation"
+        expect(response).to redirect_to("/account/sign-in")
+      end
+    end
   end
 
   context "when user is signed in as a data provider" do
@@ -381,6 +388,18 @@ RSpec.describe UsersController, type: :request do
         expect(response).to have_http_status(:unauthorized)
       end
     end
+
+    describe "#delete-confirmation" do
+      before do
+        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in user
+        get "/users/#{user.id}/delete-confirmation"
+      end
+
+      it "returns 401 unauthorized" do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
   end
 
   context "when user is signed in as a data coordinator" do
@@ -1162,6 +1181,18 @@ RSpec.describe UsersController, type: :request do
         end
       end
     end
+
+    describe "#delete-confirmation" do
+      before do
+        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in user
+        get "/users/#{user.id}/delete-confirmation"
+      end
+
+      it "returns 401 unauthorized" do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
   end
 
   context "when user is signed in as a support user" do
@@ -2018,6 +2049,41 @@ RSpec.describe UsersController, type: :request do
         end
       end
     end
+
+    describe "#delete-confirmation" do
+      before do
+        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
+        sign_in user
+        get "/users/#{other_user.id}/delete-confirmation"
+      end
+
+      it "shows the correct title" do
+        expect(page.find("h1").text).to include "Are you sure you want to delete this user?"
+      end
+
+      it "shows a warning to the user" do
+        expect(page).to have_selector(".govuk-warning-text", text: "You will not be able to undo this action")
+      end
+
+      it "shows a button to delete the selected user" do
+        expect(page).to have_selector("form.button_to button", text: "Delete this user")
+      end
+
+      it "the delete user button submits the correct data to the correct path" do
+        form_containing_button = page.find("form.button_to")
+
+        expect(form_containing_button[:action]).to eq delete_user_path(other_user)
+        expect(form_containing_button).to have_field "_method", type: :hidden, with: "delete"
+      end
+
+      it "shows a cancel link with the correct style" do
+        expect(page).to have_selector("a.govuk-button--secondary", text: "Cancel")
+      end
+
+      it "shows cancel link that links back to the user page" do
+        expect(page).to have_link(text: "Cancel", href: user_path(other_user))
+      end
+    end
   end
 
   describe "title link" do