Disable users over API

I’m working on some scripting to setup users according to some json definition and one of the steps is disabling users not defined in the spec.

There’s a button in the UI for disabling users and the API responds with a disabled_at attribute, so I thought it would be simple: {"data":{"disabled_at":nil,
The value changes to a simple timestamp when I toggle it in the UI "disabled_at"=>"2023-01-30T11:25:53.346972Z"

I’ve tried making a patch request against the users/{id} endpoint and providing this payload:
I get a 200 OK response back, but when I list users afterwards the disabled_at value is still nil, so it seems this value is ignored.

Helo :wave:. Currently, the disabled_at field is for internal use by disable_vpn_on_oidc_error option. If you want to restrict some of your users from using the VPN you might want to simply delete them (and make sure auto_create_users is false for all your OIDC/SAML providers).

1 Like

Okay, so it is intentional for now. I’d like to be able to disable them over API, but it is my backup plan to do a mix of delete / disable in our OIDC setup.

I mostly want to avoid deletion up front because I’m automating a lot of stuff and I’d hate to automatically delete all my users and force them to setup new device configs :sweat_smile:

Thanks for the quick response :slight_smile:

We will have a better way to disable users in the future, sorry for this inconvenience for now :frowning:.

oh, absolutely no worries. It’s a nice to have and certainly behind a lot of the other cool stuff you’re working on :smiley:

1 Like