User suspension

Typically, you want to suspend a user so they cannot gain access to their account. This may be because you want to protect the user’s data due to a password leak or perhaps, there was a data breach and you need to suspend multiple accounts while solving the security issue. This page explains the user suspension process and how to suspend users via the console.

Check out the Management API for more details on using the API to suspend and unsuspend users:

User suspension overview

When a user is suspended, all login attempts are blocked and any active tokens and sessions are revoked. When suspending a user, you have two options.

Suspension type `allow_password_reset` `suspensionStatus`

1) User is suspended temporarily and can reactivate with a password reset link.

true

temporary

2) User is suspended indefinitely and must contact their administrator for the account to be unsuspended and reactivated.

false

permanent

Suspension reason

You can see or apply why a user was suspended.

  • To apply a reason for suspension, pass the suspension_reason parameter with the /users/suspend endpoint as part of the request payload.

  • To view why a user was suspended, you can see the suspension_information object on the user’s profile.

If a user tries to log in while suspended, the API responds with the reason in the error message as shown below.

{
    "error_id": "F..GS7",
    "error_description": "error.account.temporarilySuspended.suspiciousUserNoGood", (1)
    "error_message_key": "error.account.temporarilySuspended.suspiciousUserNoGood",
    "error": "access_denied",
    "error_user_msg": "error.account.temporarilySuspended.suspiciousUserNoGood"
}
1 Where suspiciousUserNoGood represents the suspension_reason field in the suspend user payload.

Request password reset

When you suspend a user via the Suspend user endpoint, you can set the allow_password_reset parameter to either true or false. You must set this parameter to true in order to allow users to reactivate their account via password reset.

When you do this, the user receives a notification (email or SMS) where they are have the option to follow a password reset link or verification code respectively.

The user only receives an SMS when there is no email address associated with their profile.

Email account suspension template

The account suspension template allows you to configure what message the user receives when their account is suspended. To access this feature, navigate to Emails > Templates from within your ReachFive console.

Template variables

Variable Description

{{link}}

This is the generated magic link (hosted by ReachFive that redirects to the specified URL).

{{verification_code}}

This is the generated verification code sent by email.

{{user.email}}

The user’s email address.

{{user.lang}}

The default language for the user.

{{locale}}

The user’s locale (country).

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

{{user.custom_fields.key}}

Custom user fields. Only the string, select, and tag custom field data types can be used in email templates.

example

{{user.custom_fields.favorite_movie}}

The tags custom field type is concatenated by default. If you want to separate the tags, use the join function:

Example

favorite_movie:["The Secret Life of Pets","Forrest Gump","Amélie"]

format
{{ user.custom_fields.favorite_movie | join: " , " }}
output
The Secret Life of Pets, Forrest Gump, Amélie

{{user.suspension_reason}}

The reason why the user was suspended.

Callout Field Description

1

From

Specifies the email address of the sender.

2

Subject

The email subject.

The templating language is liquid.

3

Redirect to

The redirect URL.

4

URL Lifetime

Specifies how long the redirect URL should last in seconds.

5

Message

The message that the user receives.

The templating language is liquid.

console email account suspension template

SMS account suspension template

The SMS account suspension template allows you to configure what message the user receives when their account is suspended. To access this feature, navigate to SMS > Templates from within your ReachFive Console.

Template variables

Variable Description

{{verification_code}}

This is the generated verification code sent by SMS.

{{user.email}}

The user’s email address.

{{user.phone_number}}

The mobile number of the user receiving the message.

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

{{user.suspension_reason}}

The reason why the user was suspended.

Callout Field Description

1

Verification Code Lifetime

Specifies how long the verification code that is sent to the user will last before it expires and needs to be resent.

This is in seconds.

2

Message

The message that the user receives in the SMS.

The templating language is liquid.

console account suspension template

They can also receive a password reset link by clicking Forgot Password.

Reset via administrator

When you suspend a user via the Suspend user endpoint and the allow_password_reset parameter is set to false or you suspend the user via the ReachFive console, the user does not receive a password reset link and it is not possible for the user to reactivate by changing their password.

If the user tries to login, they receive a message that instructs them to contact the account administrator.

This prevents any potential security issues from becoming larger and helps you sort the issue in the meantime.

Suspend users from the Console

To suspend a user via the ReachFive console, you must have the following:

  • Console access

  • At least a CRM User console role.

Instructions

  1. Log in with your credentials to the ReachFive console.

  2. From the sidebar, go to Profiles.

  3. Select the user you want to manage.

  4. From the Actions dropdown button, select Suspend.

    1. In the dialog, choose to suspend the user temporarily or permanently and give a reason (camelCase only).

      console temp suspend user

  5. The profile of the suspended user is updated to indicate their status.

    manage suspended user from console


Use the same steps to unsuspend a user. Choose Unsuspend.


What just happened?

When you suspend a user from the console, the user does not receive an email to reactivate via password. The only way to unsuspend the user is to unsuspend them from the console or with the Unsuspend user endpoint.

Suspend users through import

You can suspend users using the Import feature from within the ReachFive Console by leveraging the suspension_information object in the user profile model.

Typically, users that are suspended are sent an email informing them of the steps needed to reactivate their account. However, when valuing the suspension_information object through an import, no email is sent to the user. For more on the email template, see Email templates: account suspension.

You should pass the reason and status for the suspended user as shown in the examples here.

  • JSON

  • CSV

...
  "suspension_information": {
      "reason": "suspiciousUserNoGood",
      "status": "temporary"
  },
...
id,suspension_information.status,suspension_information.reason
AYl4...FUis7y,temporary,importCheckCheck

Filter suspended users

When you Suspend users from the Console or using the Suspend user endpoint, the suspension_status of the user is then set to either permanent or temporary depending on the way in which the user was suspended.

You can also see the reason as to why the user was suspended in the suspension_reason field (if using a query parameter in the Management API) or in the reason field of the suspension_information object if filtering via the ReachFive Console which is displayed as User Suspension reason in the filtering options.

Filter users from the console

Prerequisites
  • You must have access to the ReachFive Console.

  • You must have at least a CRM User role.

Instructions
  1. In your ReachFive Console, go to Analytics  Profiles.

  2. In the top right above the user search, select the filter button.

    filter button

  3. Choose the User Suspension status or User suspension reason field from the dropdown menu and filter as desired.

    • Suspension status

    • Suspension reason

    console filter suspendedUsers byStatus

    console filter suspendedUsers reason

  4. Don’t forget to Save your input.

Filter users with the Management API

To filter users using the Management API, simply add the following query parameter to the Search users endpoint.

Permanently suspended users
/api/v2/users?filter=suspension_status=="permanent"
Temporarily suspended users
/api/v2/users?filter=suspension_status=="temporary"
Susension reason
/api/v2/users?filter=suspension_reason=="violatedTrustByeBye"
See the Search users endpoint for more details.