search

Offboard User Temporarily

Temporarily offboard a user

hashtag
Description

Temporarily offboards a user for scenarios such as parental leave or sabbatical by disabling access, adjusting group and license assignments, and optionally exporting memberships. Optionally removes or replaces group ownerships when required.

hashtag
Location

User → General → Offboard User Temporarily

Full Runbook name

rjgit-user_general_offboard-user-temporarily

hashtag
Permissions

hashtag
Application permissions

  • Type: Microsoft Graph

    • User.ReadWrite.All

    • Group.ReadWrite.All

    • GroupMember.ReadWrite.All

hashtag
Permission notes

Azure IaaS: Contributor access on subscription or resource group used for the export

hashtag
RBAC roles

  • User administrator

hashtag
Parameters

hashtag
UserName

User principal name of the target user.

Property
Value

Required

true

Default Value

Type

String

hashtag
RevokeAccess

If set to true, revokes the user's refresh tokens and active sessions.

Property
Value

Required

false

Default Value

True

Type

Boolean

hashtag
DisableUser

If set to true, disables the user account for sign-in.

Property
Value

Required

false

Default Value

True

Type

Boolean

hashtag
exportResourceGroupName

Azure Resource Group name for exporting data to storage.

Property
Value

Required

false

Default Value

Type

String

hashtag
exportStorAccountName

Azure Storage Account name for exporting data to storage.

Property
Value

Required

false

Default Value

Type

String

hashtag
exportStorAccountLocation

Azure region used when creating the Storage Account.

Property
Value

Required

false

Default Value

Type

String

hashtag
exportStorAccountSKU

SKU name used when creating the Storage Account.

Property
Value

Required

false

Default Value

Type

String

hashtag
exportStorContainerGroupMembershipExports

Container name used for group membership exports.

Property
Value

Required

false

Default Value

Type

String

hashtag
exportGroupMemberships

If set to true, exports the user's current group memberships to Azure Storage.

Property
Value

Required

false

Default Value

False

Type

Boolean

hashtag
ChangeLicensesSelector

Controls how directly assigned licenses should be handled.

Property
Value

Required

false

Default Value

0

Type

Int32

hashtag
ChangeGroupsSelector

Controls how assigned groups should be handled. "Change" and "Remove all" will both honour "groupToAdd".

Property
Value

Required

false

Default Value

0

Type

Int32

hashtag
GroupToAdd

Group that should be added or kept when group changes are enabled.

Property
Value

Required

false

Default Value

Type

String

hashtag
GroupsToRemovePrefix

Prefix used to remove groups matching a naming convention.

Property
Value

Required

false

Default Value

Type

String

hashtag
RevokeGroupOwnership

If set to true, removes or replaces the user's group ownerships.

Property
Value

Required

false

Default Value

False

Type

Boolean

hashtag
ReplacementOwnerName

Who will take over group ownership if the offboarded user is the last remaining group owner? Will only be used if needed.

Property
Value

Required

false

Default Value

Type

String

Back to Runbook Reference overview

Last updated

Was this helpful?