How User Accounts Are Suspended

By default, user accounts are suspended automatically when a user has no roles. This automatic suspension of user accounts is controlled by the User Account Maintenance enterprise option. Human resource (HR) specialists can also suspend a user account manually, if necessary.

This topic describes how automatic account suspension and reactivation occur. It also explains how to suspend a user account manually.

Automatic Suspension of User Accounts

When you terminate a work relationship:

• The user loses any automatically provisioned roles for which he or she no longer qualifies. This deprovisioning is automatic.

• If the user has no other active work relationships, then the user also loses manually provisioned roles. These are:

  • Roles that he or she requested

  • Roles that another user, such as a line manager, provisioned to the user

  If the user has other, active work relationships, then he or she keeps any manually provisioned roles.

When terminating a work relationship, you specify whether the user is to lose roles on the termination date or on the day following termination.

A terminated worker's user account is suspended automatically at termination only if he or she has no roles. Users can acquire roles automatically at termination, if an appropriate role mapping exists. In this case, the user account remains active.

Automatic Reactivation of User Accounts

User accounts are reactivated automatically when you reverse a termination or rehire a worker. If you reverse the termination of a work relationship, then:

• The user regains any role that he or she lost automatically at termination. For example, if the user automatically lost roles that had been provisioned manually, then those roles are reinstated.

  Note: If you removed any roles from the user manually at termination, then you must restore them to the user manually, if required.

• The user loses any role that he or she acquired automatically at termination.

• If the user account was suspended automatically at termination, then it's automatically reactivated.

The autoprovisioning process runs automatically when you reverse a termination. Therefore, the user's roles are updated automatically as specified by current role mappings.

When you rehire a worker, the user account is reactivated automatically and roles are provisioned automatically as specified by current role mappings. In all other cases, you must reactivate suspended user accounts manually on the Edit User page.

Tip: Authorized users can also manage user account status directly on the Security Console.

Manual Suspension of User Accounts

To suspend a user account manually, HR specialists follow these steps:

1. Select Navigator > My Team > Users and Roles.

2. Search for and select the user to open the Edit User page.

3. In the User Details section of the Edit User page, set the Active value to Inactive. You can reactivate the account by setting the Active value back to Active.

4. Click Save and Close.

Note: Role provisioning isn't affected by the manual suspension and reactivation of user accounts. For example, when you reactivate a user account manually, the user's autoprovisioned roles are updated only when you click Autoprovision Roles on the Edit User page. Similarly, a suspended user account isn't reactivated when you click Autoprovision Roles. You must explicitly reactivate the user account first.

IT security managers can lock user accounts on the Security Console. Locking a user account on the Security Console or setting it to Inactive on the Edit User page prevents the user from signing in.