Users who have not logged into SAP applications for the last 90 days to be automatically set to Block status. IT administrators and application owners to easily identify inactive or unused accounts, improving security visibility and control.
Introducing this feature for SAP IAS – Tenant administrator can now configure specific user types to be blocked and deleted, or only blocked, or only deleted after a certain period of inactivity.
The users for which blocking can be enabled are of the type:
Public
Customers
Partners
Employees
You can enable the chosen user type or types to be only blocked, or only deleted, or both blocked and deleted after a certain period of inactivity.
The period spans from 14 up to 2000 days.
To enable blocking and or deletion, you must choose at least one user type and set at least one period.
After a user has exceeded the set period of inactivity, they will be blocked and their status will be updated on the next sign-in attempt.
You can also configure when the deletion script starts.
Steps to enable
Sign in to theadministration console forSAP Cloud Identity Services.
UnderApplications and Resources, choose theTenant Settingstile.
At the top of the page, you can view the administrative and license relevant information of the tenant.
Choose theBlocking and Deletionlist item.
ChooseEdit.
Select a user type.
Enable the options underInactivity Periods. By default the options are disabled. At least one of the status fieldsBlock afterorDelete aftermust be enabled.
How to find the Last Logon Date of the User to start the Inactivity Blocking User.
User Persona (Examples)
By configuring a 90-day inactivity rule, organizations can automatically block users who have not accessed SAP applications, allowing IT administrators and application owners to quickly identify dormant accounts and strengthen overall security governance.
Mixed User Persona for Block & Deletion
By tailoring inactivity rules for different user types, organizations can strike the perfect balance between security, compliance, and user experience—turning identity lifecycle management into a strategic advantage
Common Use case across IT Landscape :Users who have not logged into SAP applications for the last 90 days to be automatically set to Block status. IT administrators and application owners to easily identify inactive or unused accounts, improving security visibility and control. Introducing this feature for SAP IAS – Tenant administrator can now configure specific user types to be blocked and deleted, or only blocked, or only deleted after a certain period of inactivity. The users for which blocking can be enabled are of the type:PublicCustomersPartnersEmployeesYou can enable the chosen user type or types to be only blocked, or only deleted, or both blocked and deleted after a certain period of inactivity. The period spans from 14 up to 2000 days.To enable blocking and or deletion, you must choose at least one user type and set at least one period.After a user has exceeded the set period of inactivity, they will be blocked and their status will be updated on the next sign-in attempt.You can also configure when the deletion script starts.Steps to enable Sign in to the administration console for SAP Cloud Identity Services.Under Applications and Resources, choose the Tenant Settings tile.At the top of the page, you can view the administrative and license relevant information of the tenant.Choose the Blocking and Deletion list item.Choose Edit.Select a user type.Enable the options under Inactivity Periods. By default the options are disabled. At least one of the status fields Block after or Delete after must be enabled.How to find the Last Logon Date of the User to start the Inactivity Blocking User.User Persona (Examples)By configuring a 90-day inactivity rule, organizations can automatically block users who have not accessed SAP applications, allowing IT administrators and application owners to quickly identify dormant accounts and strengthen overall security governance.Mixed User Persona for Block & Deletion By tailoring inactivity rules for different user types, organizations can strike the perfect balance between security, compliance, and user experience—turning identity lifecycle management into a strategic advantage Reference : https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/block-or-delete-users-due-to-inactivity?version=Cloud Read More Technology Blog Posts by SAP articles
