Automatic disabling of dormant Administrator user accounts

Article applies to: Administrators

Overview

To help protect customer data and align with industry security best practices, Skills Base may automatically disable login for dormant Administrator accounts that do not have Multi-Factor Authentication (MFA) enabled.

Dormant privileged accounts present an increased security risk because they are less likely to be actively monitored, maintained, or secured.

Whilst Skills Base recommends MFA be enabled on all user accounts, it is the customer’s decision whether to enforce MFA for user accounts.

What constitutes a dormant Administrator account?

A dormant Administrator account is a user account that:

  • Is assigned the Administrator Security Group

  • Has login enabled

  • Uses local (Skills Base) authentication

  • Has not logged into Skills Base for more than 6 months

Which accounts are excluded?

Automatic login disablement does not apply to:

  • Administrator accounts with MFA enabled

  • Administrator accounts that authenticate exclusively through SSO

  • The last remaining Administrator account with login enabled in the instance
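The criteria and exclusions above can be checked against your own user list before any account is affected. The following Python is an added example, not Skills Base code: the record fields, the sample accounts, the calendar-month reading of "6 months" and the treatment of never-logged-in accounts as dormant are all assumptions.

```python
import calendar
from datetime import date

TODAY = date(2025, 7, 1)  # constructed evaluation date

# Constructed sample records; field names and values are assumptions,
# not a Skills Base export format.
ACCOUNTS = [
    {"user": "alice", "group": "Administrator", "login_enabled": True,  "auth": "local", "mfa": False, "last_login": date(2024, 11, 20)},
    {"user": "bob",   "group": "Administrator", "login_enabled": True,  "auth": "local", "mfa": True,  "last_login": date(2024, 3, 2)},
    {"user": "carol", "group": "Administrator", "login_enabled": True,  "auth": "sso",   "mfa": False, "last_login": date(2024, 5, 15)},
    {"user": "dave",  "group": "Administrator", "login_enabled": True,  "auth": "local", "mfa": False, "last_login": date(2025, 5, 30)},
    {"user": "erin",  "group": "Administrator", "login_enabled": False, "auth": "local", "mfa": False, "last_login": date(2023, 9, 1)},
    {"user": "frank", "group": "Standard",      "login_enabled": True,  "auth": "local", "mfa": False, "last_login": date(2023, 1, 5)},
]

def months_before(d, n):
    """Return the date n calendar months before d, clamping the day of month."""
    y, m = divmod(d.year * 12 + d.month - 1 - n, 12)
    last_day = calendar.monthrange(y, m + 1)[1]
    return d.replace(year=y, month=m + 1, day=min(d.day, last_day))

def at_risk_admins(accounts, today, months=6):
    """Return (at_risk, last_admin_applies) for the dormancy rule.

    at_risk: login-enabled Administrators on local authentication, without
    MFA, whose last login is older than the cutoff (or missing: assumption).
    last_admin_applies: True when every login-enabled Administrator is at
    risk, so the last-remaining-Administrator exclusion spares one of them.
    """
    cutoff = months_before(today, months)
    admins = [a for a in accounts
              if a["group"] == "Administrator" and a["login_enabled"]]
    at_risk = [a for a in admins
               if a["auth"] == "local"   # SSO-only accounts are excluded
               and not a["mfa"]          # MFA-enabled accounts are excluded
               and (a["last_login"] is None or a["last_login"] < cutoff)]
    last_admin_applies = bool(at_risk) and len(at_risk) == len(admins)
    return at_risk, last_admin_applies

if __name__ == "__main__":
    flagged, spared = at_risk_admins(ACCOUNTS, TODAY)
    for a in flagged:
        print(f"{a['user']}: last login {a['last_login']}, no MFA, local auth")
    if spared:
        print("All login-enabled Administrators are dormant; one would be kept enabled.")
```

The page does not say which account is kept when the last-remaining-Administrator exclusion applies, so the check reports only that the exclusion is in play.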

What happens when login is disabled?

The person record remains fully intact; however, the user will no longer be able to log into Skills Base until login is re-enabled by another Administrator.

No data, permissions, history, or configuration are removed.

How can I avoid an account being disabled?

Any affected Administrator can avoid automatic disablement by either:

  • Logging into Skills Base, or

  • Enabling MFA on their account

For instructions, see this article.

How can I re-enable login for an Administrator account?

Any other Administrator with access to Skills Base can re-enable login by:

  1. Opening the person record

  2. Editing the person

  3. Setting the Login field to Enabled

  4. Saving the record

We strongly recommend enabling MFA when re-enabling dormant privileged accounts.

Why is Skills Base doing this?

Global security standards such as NIST SP 800-53 and CIS Controls recommend disabling dormant or unnecessary accounts, particularly privileged accounts.

Whilst customers remain responsible for managing user accounts within Skills Base, we may disable dormant Administrator accounts to help protect customers from the increased security risk associated with unused privileged accounts.

Best practice recommendation

Skills Base also recommends reviewing dormant non-Administrator local accounts, considering whether login should remain enabled where it is no longer required, and considering enforcing MFA for all user accounts.