What to do when someone leaves the company?

(Philip Colmer) #1

With a Discourse setup that only allows SSO to a corporate infrastructure, what are the recommendations for what action to take when someone leaves?

As I understand it, the options would seem to be:

  • Deactivate the account
  • Suspend the account
  • Delete the account
  • Anonymise the account

Some of these are discussed in Suspend a user forever but one of those options - Deactivate the account - doesn’t seem to have a corresponding API call, unless I’m missing it?

I don’t want to delete the account because that would delete the corresponding posts? I don’t want to anonymise the account because that would lose the information as to who posted in the first place.

I could suspend but it looks like I would need to increase the suspend timeout.

Any thoughts on best practice for this scenario?


(Jay Pfaffman) #2

If SSO won’t allow them to log in, why not just do nothing?

You could add them to a “former employee” or “alumni” group that had a badge signify that they’re no longer at the company.

(Sam Saffron) #3

I would ensure I killed off all the existing sessions for the user though by clicking Log Off on the admin user page.

So my full process would be:

  1. Make user non-staff, revert any TL that was set manually.
  2. Add title “former employee”
  3. If it ended on bad terms: suspend user forever
  4. Head to admin user page and click “Log Out” on user admin page.

(Mittineague) #4

Just so I’m clear. By “click Log Off” you’re referring to the “Force browser refresh” button under Last IP Address?

(Philip Colmer) #5

@Mittineague No, there is a Log Out button in the top right of the user page:




(Dave McClure) #6

We let email bounces automatically deactivate the account:

(Mittineague) #7

Thanks, I was thinking in Moderator mode, not Admin mode :blush: