Automatically disable login for inactive Administrators
Account security will be enhanced by automatically disabling all administrators after 90 days of inactivity. As part of this change, the “Active” checkbox in the administrator profile will be replaced with a dropdown menu offering the following options:
- Active
- Inactive / expired
- Blocked
If an administrator remains inactive for 90 days, their account will be set to Inactive / expired. The current password policy, which requires a password change every 90 days, will remain in place.
When an inactive administrator attempts to log in, they will receive the usual “Invalid username and/or password” message. They will then need to follow the “Forgot your password” link. If the administrator account is Inactive/Expired or Blocked, the user will receive an email after resetting the password.
Circle or Agency Administrators with the appropriate access rights will be able to reactivate the user by selecting the "Active" status.
Notes:
If the administrator status is set to Inactive/Expired or Blocked, the following behavior will occur:
- On the login page,
- only the username, password, and agency fields will trigger the system message: "This user has been deactivated."
- In all other scenarios, users will receive the "Invalid username and/or password" message.
- On the Forgot your Password page:
- The system will display the message: "If the user exists, instructions on how to reset the password have been sent to the associated email address."
- If an administrator does not log in after their status is changed to Active, the account will be automatically disabled again during the daily maintenance cycles, which occur at UTC 3:30, 7:30, 11:30, 15:30, 19:30, and 23:30.