Disable users over API

I’m working on some scripting to set up users according to some JSON definition and one of the steps is disabling users not defined in the spec.

There’s a button in the UI for disabling users and the API responds with a disabled_at attribute, so I thought it would be simple: {"data":{"disabled_at":nil,
The value changes to a simple timestamp when I toggle it in the UI: "disabled_at"=>"2023-01-30T11:25:53.346972Z"

I’ve tried making a PATCH request against the users/{id} endpoint and providing this payload:
{"user"=>{"disabled_at"=>"2023-01-30T11:18:22.208610798Z"}}
I get a 200 OK response back, but when I list users afterwards the disabled_at value is still nil, so it seems this value is ignored.

Hello :wave:. Currently, the disabled_at field is for internal use by the disable_vpn_on_oidc_error option. If you want to restrict some of your users from using the VPN you might want to simply delete them (and make sure auto_create_users is false for all your OIDC/SAML providers).

1 Like

Okay, so it is intentional for now. I’d like to be able to disable them over API, but it is my backup plan to do a mix of delete / disable in our OIDC setup.

I mostly want to avoid deletion up front because I’m automating a lot of stuff and I’d hate to automatically delete all my users and force them to set up new device configs :sweat_smile:

Thanks for the quick response :slight_smile:

We will have a better way to disable users in the future, sorry for this inconvenience for now :frowning:.

Oh, absolutely no worries. It’s a nice-to-have and certainly behind a lot of the other cool stuff you’re working on :smiley:

1 Like
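
A plan-only sketch of the reconciliation discussed in this thread, added here as an example and not code from the poster or the project: it lists users absent from the JSON spec, refuses to continue when that would remove too many at once, and flags fields that a PATCH accepted with 200 OK but did not apply. The spec layout, the `id` and `email` field names, the 25% cap and all sample data are assumptions constructed for illustration; no HTTP calls are made.

```ruby
require "json"
require "set"

# Constructed sample data. "id" and "email" are assumed field names;
# "disabled_at" is the attribute shown in the thread.
SPEC_JSON = '{"users":[{"email":"alice@example.com"},{"email":"bob@example.com"},' \
            '{"email":"carol@example.com"},{"email":"Dave@example.com"}]}'
API_USERS = %w[alice bob carol dave erin].each_with_index.map do |name, i|
  { "id" => (i + 1).to_s, "email" => "#{name}@example.com", "disabled_at" => nil }
end

class MassRemovalError < StandardError; end

# Ids of users the API lists but the spec does not (case-insensitive email match).
# Raises instead of returning a plan when the spec is empty or when more than
# max_fraction of the existing users would be removed, so a bad spec file
# cannot wipe every account in one run.
def plan_removals(spec_json, api_users, max_fraction: 0.25)
  wanted = JSON.parse(spec_json).fetch("users").map { |u| u.fetch("email").downcase }.to_set
  raise MassRemovalError, "spec lists no users; refusing to plan" if wanted.empty?

  extra = api_users.reject { |u| wanted.include?(u.fetch("email").downcase) }
  if extra.size > api_users.size * max_fraction
    raise MassRemovalError, "#{extra.size} of #{api_users.size} users would be removed"
  end
  extra.map { |u| u.fetch("id") }
end

# Fields a write asked to change that a follow-up read shows unchanged.
# Comparing against the pre-write snapshot (rather than the requested value)
# tolerates a server that normalizes what it stores, e.g. timestamp precision.
def ignored_fields(requested, before, after)
  requested.select { |key, value| value != before[key] && after[key] == before[key] }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "would remove ids: #{plan_removals(SPEC_JSON, API_USERS).inspect}"
  requested = { "disabled_at" => "2023-01-30T11:18:22.208610798Z" }
  unchanged = { "disabled_at" => nil } # what the listing showed before and after the PATCH
  puts "ignored by server: #{ignored_fields(requested, unchanged, unchanged).inspect}"
end
```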