Notify inactive users and revoke access after 60 days of inactivity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-10-2025 01:26 PM
Story Description:
As a system administrator,
I want to send timely notifications to users who haven’t logged in for 30, 45, and 59 days,
So that they are informed of inactivity and can take action before their roles and group memberships are removed on the 60th day.
Acceptance Criteria:
Send email notifications to users who haven't logged in for:
30 days
45 days
59 days
On the 60th day of inactivity:
Remove all roles and group memberships from the user
Send a final notification:
Make the user inactive
“Your access has been revoked due to 60 days of inactivity. If this is a mistake, please contact the help desk.”
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-10-2025 03:10 PM
Hi @AreebFayyaz1,
Please try the following:
Create a New Event Definition
Go to System Policy > Events > Event Registry
Click New
Fill out the form:
Name: user.inactivity.notification
Table: User [sys_user]
Description: Triggered when a user hits 30, 45, or 59 days of inactivity
Create Notification for the Event
Navigate to System Notification > Email > Notifications
Click New
Fill out:
Name: User Inactivity Notification
Table: User [sys_user]
When to send: Event is fired
Event name: user.inactivity.notification
Who will receive: User (Record)
Subject: Inactivity Notice: ${event.parm1} Days
Message HTML:
You have been inactive for ${event.parm1} days. Please log in to retain your access.
Create a Scheduled Script Execution (Scheduled Job) that runs daily to check user inactivity
(function() {
var inactivityThresholds = [30, 45, 59, 60];
var today = new GlideDateTime();
var userGR = new GlideRecord('sys_user');
userGR.addEncodedQuery('active=true^last_loginISNOTEMPTY');
userGR.query();
while (userGR.next()) {
var lastLogin = userGR.getValue('last_login');
var daysInactive = GlideDateTime.subtract(today, new GlideDateTime(lastLogin)).getDays();
if (inactivityThresholds.indexOf(daysInactive) !== -1) {
switch (daysInactive) {
case 30:
case 45:
case 59:
sendNotification(userGR.sys_id, daysInactive);
break;
case 60:
revokeAccess(userGR);
break;
}
}
}
function sendNotification(userId, days) {
gs.eventQueue('user.inactivity.notification', new GlideRecord('sys_user').get(userId), days);
}
function revokeAccess(userGR) {
// Remove Roles
var roles = new GlideRecord('sys_user_has_role');
roles.addQuery('user', userGR.sys_id);
roles.query();
while (roles.next()) {
roles.deleteRecord();
}
// Remove Group Memberships
var groups = new GlideRecord('sys_user_grmember');
groups.addQuery('user', userGR.sys_id);
groups.query();
while (groups.next()) {
groups.deleteRecord();
}
// Final Notification
sendFinalNotification(userGR.sys_id);
// Mark Inactive
userGR.active = false;
userGR.update();
}
function sendFinalNotification(userId) {
var notify = new GlideRecord('sys_email');
notify.initialize();
notify.type = 'send-ready';
notify.recipients = userId;
notify.subject = `Access Revoked: 60 Days of Inactivity`;
notify.body = `Your access has been revoked due to 60 days of inactivity. If this is a mistake, please contact the help desk.`;
notify.insert();
}
})();
If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.