Targeting OU to suspend accounts

Skip to first unread message


Apr 30, 2021, 1:42:24 PM4/30/21
to Foresight Community
Hello, I am a new Foresight user and came here because of the suspend inactive users feature. I figured out how to implement it but is there a way to target specific OU's instead of the whole domain? 

Jason Huang

Apr 30, 2021, 2:05:01 PM4/30/21
to Foresight Community,

Yes, there is. The workflow looks like this User turned inactive => Get user info => If (Specific OU) => Suspend user
The User turned inactive trigger will output the inactive user's primary email as a variable (you can think it as metadata), then use the Get user info action to retrieve the full profile of the user, including the OU the user is in. The profile variables will pass down the flow.
In the If action, rename the Branch 1 to specific OU or something and set condition as Organization Unit Path text is exactly /OU/SubOU/SubSubOU. Replace the /OU/SubOU/SubSubOU with your organizational setting. Please note it's case-sensitive. Then add Suspend user action after this branch. Ignore the Fallback branch. That means, if the inactive user is not in the given OU, do nothing. 
You can change the condition to Organization Unit Path text starts with /OU/SubOU to also include all SubSubOUs. 



Apr 30, 2021, 2:49:53 PM4/30/21
to Foresight Community, Jason Huang, IVAN ROMERO
Thank you very much! It worked like a charm. 

Robert Gellatly

Jul 9, 2021, 1:13:06 PM7/9/21
to Foresight Community,, Jason Huang

I found the information on supspending an account given an exact period of inactivity.  Is there a way to configure this to suspend any account that have been inactive for 365 days or more, rather than exactly 365 days?

Please advise,
Bob Gellatly
Reply all
Reply to author
0 new messages