Does anyone have an idea how we can verify that users are still in possession of their original email address?
Our usecase is that we allow access based on their employer’s domain. If people leave their employer, they will still have access to our Discourse install. This could be a compliancy issue.
Anyone have done something like this, in a user friendly fashion? The only option I have is to suspend all users, forcing a re-activation, but that seems a bit hostile.
You can use the “deactivate” button in the admin panel to force a specific user to re-validate their email address.
If you want to automate the process we have this plugin:
https://github.com/discourse/discourse-auto-deactivate
But it only deactivates ‘inactive’ users. If a user leaves the company it won’t deactivate them immediately.
How many employers are there? Could they let you know somehow?
Yeah, that’s the route I was going to take. Feels a bit hostile, but might be needed once a year or so.
Fantastic! We can modify that one re-authenticate all
More than 100, it’s not practical unfortunately.