Disabling vs deleting a user

RDeYoung
Level 1

Can a user be re-enabled after a certain number of days if their account has only been set to “disabled” versus explicitly choosing the userid and selecting the “Delete” option?

6 Replies

Amy2
Level 5

Hi RDeYoung,

When you delete a user, there is a window of 7 days before that user is permanently deleted from Duo. During this time, it is possible to restore the user account from the trash. You can find more info on deleting and restoring users in the documentation on Managing Duo Users.

Disabling a user is a status change that denies the user access from authenticating with Duo, and would be used in cases such as when an employee leaves a company, for example. A user set to Disabled remains that way indefinitely and can be restored to have access at any time in the future.

Hope that helps!

Amy2
Level 5

One more thing to note: With the Inactive User Expiration setting, you can choose to automatically remove inactive users from Duo after a set period.

When this setting is enabled, users who do not authenticate for the specified number of days are moved into the Trash and put into the pending deletion status. You can learn more about this here: Using the Duo Admin Panel and Changing Settings | Duo Security

This doesn’t apply to those users who are synced, correct? We have a number of inactive users who may not utilize Duo, but take up half the licenses. What is a way to exclude some of these accounts, i.e. service accounts, or how to change configuration to not include every single account? Or would this be too risky?

Do disabled accounts take up a license as well? I’ve recently noticed some still showing in ‘Users’ although in AD it is disabled.

Yes, disabled accounts consume a license. If a username exists in Duo, it is consuming a license.

You would need to remove the users from the sync (and therefore from Duo) to reduce license usage. This does also remove the user’s enrolled devices, so they would essentially need to be synced in like a new user and register their phone or other authentication method when they are no longer inactive at your organization.

Duo, not DUO.
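An added example, not part of the thread and not Duo's own code: a small offline audit that sorts user records into disabled, long-inactive and never-authenticated accounts, the ones the reply above says still hold a license while they exist in Duo. The field names (`username`, `status`, `last_login` as Unix time or null), the status strings and the 90-day threshold are assumptions modelled on Admin API user objects, and the sample users are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (assumed shape: Admin API style user objects).
SAMPLE_USERS = [
    {"username": "alice", "status": "active", "last_login": 1717200000},
    {"username": "bob", "status": "disabled", "last_login": 1680000000},
    {"username": "svc-backup", "status": "active", "last_login": None},
    {"username": "carol", "status": "active", "last_login": 1690000000},
    {"username": "dave", "status": "pending deletion", "last_login": 1650000000},
]


def license_review(users, now, inactive_days=90):
    """Group users that still exist in Duo but are unlikely to need a license."""
    cutoff = now - timedelta(days=inactive_days)
    report = {"disabled": [], "inactive": [], "never_authenticated": []}
    for user in users:
        name, status, last = user["username"], user["status"], user["last_login"]
        if status == "pending deletion":
            # Already in the Trash; nothing further to review for this record.
            continue
        if status == "disabled":
            # Disabled users stay in Duo indefinitely until removed.
            report["disabled"].append(name)
        elif last is None:
            # Typical for synced service accounts that never use Duo.
            report["never_authenticated"].append(name)
        elif datetime.fromtimestamp(last, tz=timezone.utc) < cutoff:
            report["inactive"].append(name)
    for names in report.values():
        names.sort()
    report["review_candidates"] = sum(len(v) for v in report.values())
    return report


if __name__ == "__main__":
    now = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for bucket, value in license_review(SAMPLE_USERS, now).items():
        print(f"{bucket}: {value}")
```

Accounts that turn up in these lists and are directory-synced have to be taken out of the synced group to free the license, which also removes their enrolled devices.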

If a user is not in a Duo synced group would they be blocked access from apps that utilize Duo? I.e. using email externally, but not in Duo group; would prompt to enroll appear or would it be bypassed?

If a username doesn’t already exist in Duo (as a synced or manually-created user), and they log in to an application protected with Duo without a permitted group restriction where you have the new user policy set to require enrollment, then the user would get prompted to enroll as a new Duo user.

Duo, not DUO.