Policy to automatically inactivate users not logged in with x days

I believe it would be beneficial to have the ability to create a policy where an auth point could disable users after x days of inactivity.

It seems like it would be trivial to add such a feature and help customers lock down their environments without spending a lot of extra time manually performing this task.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @DanDemers
    What type of users do you currently have?

    If users are LDAP/AD sync'ed, if they fail to appear on the next sync, they will be quarantined. You can use the "Quarantined Users Cleanup" feature to automatically remove those users.

    See:
    https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/authpoint/quarantined_users.html

    The vast majority of our customers use synced accounts (via LDAP or AD), and we generally don't want users to be in different states (hence why you can't erase a user unless they are in quarantine status, and the user must be created in LDAP/AD and synced over).

    There are many examples of PowerShell scripts on the internet that will erase or move an inactive AD user. By leveraging a tool like that, and the cleanup feature, you can achieve what you're looking to do.

    -James Carson
    WatchGuard Customer Support
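
An added example (not part of the original thread and not WatchGuard code) of the kind of script the reply above refers to: it disables AD users inactive for x days and moves them to a holding OU, so they drop out of the next sync and become quarantined. The OU names, the grace period, and the assumption that the AuthPoint sync query no longer matches users once they are moved are all hypothetical; inactivity here means AD logon activity, not AuthPoint authentications.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$InactiveDays  = 90,                                # the "x days" threshold
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',      # hypothetical: OU covered by the sync query
    [string]$HoldingOU  = 'OU=Inactive,DC=example,DC=com',   # hypothetical: OU outside the sync scope
    [int]$GraceDays     = 14                                 # skip accounts created recently
)

$now           = Get-Date
$createdBefore = $now.AddDays(-$GraceDays)

# Search-ADAccount evaluates lastLogonTimestamp, which replicates with up to
# about two weeks of lag by default, so keep $InactiveDays well above that.
$candidates = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) `
                               -UsersOnly -SearchBase $SearchBase |
    Where-Object Enabled |                                   # ignore accounts already disabled
    Get-ADUser -Properties whenCreated, LastLogonDate |
    Where-Object { $_.whenCreated -lt $createdBefore }       # new hires who have not logged on yet

foreach ($user in $candidates) {
    $lastLogon = if ($user.LastLogonDate) { $user.LastLogonDate.ToString('yyyy-MM-dd') } else { 'never' }
    $note      = "Disabled by inactivity job $($now.ToString('yyyy-MM-dd')); last logon: $lastLogon"

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Disable and move to $HoldingOU")) {
        Disable-ADAccount -Identity $user
        Set-ADUser -Identity $user -Description $note        # leave an audit trail on the object
        # Move last: the distinguished name changes once the object is moved.
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $HoldingOU
    }

    # Emit one record per candidate so the run can be logged or reviewed.
    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        LastLogon      = $lastLogon
        Target         = $HoldingOU
    }
}
```

Run it with `-WhatIf` first to list the accounts that would be affected without changing anything.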
