Co-Authors: Anok Angadi, Vigneshwaran Anbarasan
What is user deletion?
User deletion is a procedural step aimed at eliminating or erasing user information that may no longer be relevant to the organization or has been inactive for an extended period. This process plays a crucial role in maintaining the organization's portal in an organized manner, facilitating the removal of unnecessary data. Moreover, user deletion is intricately connected with device deletion, ensuring the comprehensive removal of records associated with the users being deleted. This streamlined approach aids in efficient data management, contributing to a more organized and clutter-free digital environment.
Within our MaaS360 system, we oversee a range of users such as those from User Directory (AD), User Directory (ASM), User Directory (Azure AD), User Directory (LDAP), and Local Directory. Removal of these users is facilitated through a variety of deletion workflows provided by MaaS360, including options for Single User Deletion, Bulk User Deletion, and Automatic User Deletion.
A standardized workflow is followed for each type of deletion in our system. When a user deletion is requested, the user is placed in a queue for deletion and will be picked up on the next daily cycle. During the job execution, queued records are examined, and the user undergoes various validation criteria for deletion. One crucial validation involves checking the status of any associated devices. If the requested user has an active device, the deletion is rejected until the device is inactive or removed. Once inactive devices linked to the user are successfully deleted, the user proceeds through the deletion process. After passing all validations, the user is deleted. Due to the validation and deletion cycles impacting user removal, the process is not immediate, and some time is required for the user record to be completely removed from the portal.
Types of User Deletion -
- Single / individual deletion -
When an administrator wishes to delete a specific local user, the process involves navigating to the user directory. The admin can then locate the desired user by entering their username or applying specific filters. Beneath the username, a "more" button is available. By selecting this option, the admin can proceed to the "Delete user" button. A confirmation prompt appears, ensuring intentional user deletion. Once the deletion is confirmed, the user is systematically added to the deletion queue for further processing.
To remove an AD/LDAP user, the administrator must first delete the user in the Azure portal. Once the user has been deleted from the Azure portal, the administrator can delete the user from the MaaS portal. Deleting a user directly from the MaaS portal without first deleting them from the Azure portal may result in a temporary removal, but the subsequent Azure sync will generate a new entry for the deleted user in the MaaS portal. Therefore, always ensure the user is removed from the Azure portal first.
Step 1 - Navigate to Users → More → Delete User
Following step 1, the system conducts a validation check for active devices associated with the user. If active devices are found, the deletion process is halted, and a corresponding message is displayed to communicate that the deletion cannot proceed.
Step 2 - Click on the confirm button.
- Bulk user deletion -
When an administrator intends to perform bulk user deletion, they can utilize the dedicated workflow designed for this purpose. In the Bulk User Deletion workflow, administrators have the capability to delete a specific set of users by uploading a document containing the details of the targeted individuals. This streamlined process alleviates the need for deleting users one by one, thereby saving a considerable amount of time. For instance, if an administrator needs to delete a substantial number of users, say 50-100, the bulk user deletion option proves to be more efficient than the single deletion workflow.
In this workflow, administrators are provided with instructions and the option to download a sample document, illustrating the expected format for user details. Recognizing that the format details may vary for different user types (e.g., local users or corporate users), the system allows administrators to choose the user type and download the corresponding sample file for editing. Once the document is uploaded and submitted, the users are systematically added to the deletion queue.
Additionally, administrators are presented with the option of deleting all users, providing further flexibility. If the goal is to delete all users within the organization, administrators can choose the "All User Deletion" option. This choice is further divided into two parts: local and corporate. The local deletion option encompasses all users, queuing them for deletion. On the other hand, corporate deletion allows administrators to specify user types (e.g., AD users) or select all corporate users, providing a more tailored approach to mass deletion.
Step 1 - Navigate to Users → More (top right corner) → Bulk Delete Users
Step 2 - The administrator has the option to choose between deleting all users or only a specific list of users. After making the selection, they can proceed by clicking the "Continue" button.
Step 3 - In the scenario where the administrator opts to delete all users, they are presented with the additional choice of specifying whether they want to delete all Corporate Users or all Local Users. If the selection is for Corporate Users, the administrator can further refine their choice by specifying if they intend to delete users from a particular directory service within the corporate directory. This additional level of granularity allows for a more targeted and precise approach to user deletion within the corporate structure.
If the administrator opts for specific user deletion, they are prompted to upload a document containing the details of the users targeted for deletion. To assist with the document format, a sample document is provided, accessible through the download button located below the browse button. Once the document is prepared, it can be submitted for further processing.
- Automatic user deletion -
MaaS360 offers a convenient feature for automated deletion of inactive users. If an administrator wishes to streamline the process of removing all inactive users within a specified timeframe, the user settings on the portal provide a straightforward solution. Within these settings, administrators possess the flexibility to designate a specific time duration for identifying inactive users. Additionally, the portal empowers administrators to activate permanent deletion for both users and their corresponding devices. This capability streamlines the process of not only recognizing inactive users but also systematically deleting both the users and the devices associated with them based on the defined criteria.
This automated approach ensures that inactive users, based on the defined criteria, are systematically identified and queued for deletion. The ability to customize the time period adds a layer of adaptability, allowing organizations to tailor the automated deletion process according to their specific requirements. The inclusion of permanent user and device deletion options enhances the efficiency of the clean-up process, contributing to a more streamlined and organized user management system within the MaaS360 platform.
Step 1 - Navigate to Setup → Settings → User Settings → User Deactivation Settings
Activate the "Mark the user and device in MaaS360 as Inactive" feature, set the batch limit (default is 50), and enable permanent deletion within a specified timeframe (1-90 days). Save these changes to automate the management of inactive users and devices. The portal also lets administrators choose what happens to users in MaaS360 when they are deleted from sources like AD or LDAP. Administrators can either keep both users and devices active in the MaaS360 portal despite their deletion from the source, or mark the user as inactive while keeping the associated devices active. In both of these scenarios, the system merely updates the status of the user and device without initiating deletion. Only the third option gives administrators the ability to set up automatic deletion of users and devices.
Dependency on Devices -
The deletion of a user is tied to the status of their associated devices. A user cannot be deleted as long as any device is actively associated with them, so deactivating or deleting those devices is a prerequisite for deleting the user.
Multiple methods can be employed to deactivate devices. Firstly, if a device remains inactive on the portal due to a prolonged period of inactivity, it is automatically marked as inactive. Additionally, if a device is deemed "Out of Compliance," it is also flagged as inactive. Another approach involves hiding the device from the portal, rendering it inactive and subsequently allowing for the deletion of the associated user.
In summary, the deletion of users is contingent on addressing the status of their associated devices, which can be achieved through various means such as inactivity, non-compliance, or deliberately hiding the device from the portal. These measures collectively enable the effective management of user and device data in the system.
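The device dependency above, together with the earlier note that a directory user deleted only in MaaS360 comes back on the next sync, can be checked before a deletion list is submitted. The following is an added example, not MaaS360 code: the two CSV layouts, their column names and the preflight function are assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a MaaS360 format.
USERS_CSV = """username,source,present_in_source
alice,Local Directory,
bob,User Directory (Azure AD),yes
carol,User Directory (LDAP),no
dave,Local Directory,
"""
DEVICES_CSV = """device_id,username,status
D-100,alice,Active
D-101,alice,Inactive
D-102,carol,Inactive
D-103,dave,Inactive
"""

def preflight(users_csv, devices_csv, requested):
    """Classify each requested username before it is submitted for deletion."""
    users = {r["username"]: r for r in csv.DictReader(io.StringIO(users_csv))}
    active = {}  # username -> list of device ids still marked Active
    for d in csv.DictReader(io.StringIO(devices_csv)):
        if d["status"].strip().lower() == "active":
            active.setdefault(d["username"], []).append(d["device_id"])
    report = {}
    for name in requested:
        user = users.get(name)
        if user is None:
            report[name] = "unknown user"
        elif name in active:
            # Page: deletion is rejected while any associated device is active.
            report[name] = "blocked: active device(s) " + ", ".join(active[name])
        elif (user["source"] != "Local Directory"
              and user["present_in_source"].strip().lower() == "yes"):
            # Page: a user still present in the source is recreated on the next sync.
            report[name] = "will reappear: delete from source directory first"
        else:
            # Only inactive devices (or none) remain, so validation should pass.
            report[name] = "ready"
    return report

if __name__ == "__main__":
    wanted = ["alice", "bob", "carol", "dave", "erin"]
    for name, verdict in preflight(USERS_CSV, DEVICES_CSV, wanted).items():
        print(f"{name:6} {verdict}")
```

Users reported as "ready" can go into the bulk deletion document; the others need their devices deactivated or their source-directory entry removed first.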