User suspension
Typically, you want to suspend a user so they cannot gain access to their account. This may be because you want to protect the user’s data due to a password leak or perhaps, there was a data breach and you need to suspend multiple accounts while solving the security issue. This page explains the user suspension process and how to suspend users via the console.
|
Check out the Management API for more details on using the API to suspend and unsuspend users:
|
User suspension overview
When a user is suspended, all login attempts are blocked and any active tokens and sessions are revoked. When suspending a user, you have two options.
| Suspension type | `allow_password_reset` | `suspensionStatus` |
|---|---|---|
1) User is suspended temporarily and can reactivate with a password reset link. |
|
|
2) User is suspended indefinitely and must contact their administrator for the account to be unsuspended and reactivated. |
|
|
Suspension reason
You can see or apply why a user was suspended.
-
To apply a reason for suspension, pass the
suspension_reasonparameter with the /users/suspend endpoint as part of the request payload. -
To view why a user was suspended, you can see the
suspension_informationobject on the user’s profile.
If a user tries to log in while suspended, the API responds with the reason in the error message as shown below.
{
"error_id": "F..GS7",
"error_description": "error.account.temporarilySuspended.suspiciousUserNoGood", (1)
"error_message_key": "error.account.temporarilySuspended.suspiciousUserNoGood",
"error": "access_denied",
"error_user_msg": "error.account.temporarilySuspended.suspiciousUserNoGood"
}| 1 | Where suspiciousUserNoGood represents the suspension_reason field in the suspend user payload. |
Request password reset
When you suspend a user via the Suspend user endpoint, you can set the allow_password_reset parameter to either true or false. You must set this parameter to true in order to allow users to reactivate their account via password reset.
When you do this, the user receives a notification (email or SMS) where they are have the option to follow a password reset link or verification code respectively.
| The user only receives an SMS when there is no email address associated with their profile. |
Email account suspension template
The account suspension template allows you to configure what message the user receives when their account is suspended. To access this feature, navigate to Emails > Templates from within your ReachFive console.
| Callout | Field | Description | ||
|---|---|---|---|---|
1 |
From |
Specifies the email address of the sender. |
||
2 |
Subject |
The email subject.
|
||
3 |
Redirect to |
The redirect URL. |
||
4 |
URL Lifetime |
Specifies how long the redirect URL should last in seconds. |
||
5 |
Message |
The message that the user receives.
|
SMS account suspension template
The SMS account suspension template allows you to configure what message the user receives when their account is suspended. To access this feature, navigate to SMS > Templates from within your ReachFive Console.
| Callout | Field | Description | ||
|---|---|---|---|---|
1 |
Verification Code Lifetime |
Specifies how long the verification code that is sent to the user will last before it expires and needs to be resent.
|
||
2 |
Message |
The message that the user receives in the SMS.
|
| They can also receive a password reset link by clicking Forgot Password. |
Reset via administrator
When you suspend a user via the Suspend user endpoint and the allow_password_reset parameter is set to false or you suspend the user via the ReachFive console, the user does not receive a password reset link and it is not possible for the user to reactivate by changing their password.
If the user tries to login, they receive a message that instructs them to contact the account administrator.
| This prevents any potential security issues from becoming larger and helps you sort the issue in the meantime. |
Suspend a user from the Console
To suspend a user via the ReachFive console, you must have the following:
-
Console access
-
At least a CRM User console role.
Instructions
-
Log in with your credentials to the ReachFive console.
-
From the sidebar, go to Profiles.
-
Select the user you want to manage.
-
From the Actions dropdown button, select Suspend.
-
In the dialog, choose to suspend the user temporarily or permanently and give a reason (
camelCaseonly).
-
-
The profile of the suspended user is updated to indicate their status.
| Use the same steps to unsuspend a user. Choose Unsuspend. |
- What just happened?
-
When you suspend a user from the console, the user does not receive an email to reactivate via password. The only way to unsuspend the user is to unsuspend them from the console or with the Unsuspend user endpoint.
Filter suspended users
When you Suspend a user from the Console or using the Suspend user endpoint, the suspension_status of the user is then set to either permanent or temporary depending on the way in which the user was suspended.
You can also see the reason as to why the user was suspended in the suspension_reason field (if using a query parameter in the Management API) or in the reason field of the suspension_information object if filtering via the ReachFive Console which is displayed as User Suspension reason in the filtering options.
Filter users from the console
- Prerequisites
-
-
You must have access to the ReachFive Console.
-
You must have at least a CRM User role.
-
- Instructions
Filter users with the Management API
To filter users using the Management API, simply add the following query parameter to the Search users endpoint.
/api/v2/users?filter=suspension_status=="permanent"/api/v2/users?filter=suspension_status=="temporary"/api/v2/users?filter=suspension_reason=="violatedTrustByeBye"| See the Search users endpoint for more details. |