Change the name of the user.
Disable the user's second factor authorization (2FA).
If Account Transfer is active for the user's role and the currently logged-in administrator has the Administrative Permission to perform a transfer, this action will move all records and shared folders from the user's account to a destination user account. The account must first be locked before you can perform a transfer. After the transfer is completed, the user account is deleted. More information on the Transfer Account action is detailed throughout this guide.
Note: this action cannot be undone and has serious consequences:
1. All of this user's owned vault records will be immediately deleted, and they will be removed from all Roles, Nodes and Teams.
2. Any records created by the user are deleted.
3. Any records shared from this user to other users will be deleted.
To suspend an account and prevent the user from accessing their Vault, you can simply lock their account. This retains the user's owned records but blocks their access to their Keeper Vault. Any records and Shared Folders created by that user will still be accessible to other shared users and teams.
Expire a user's Master Password outside of the enforcement policy periodicity. This functionality allows the administrator to specifically target a user to rotate their Master Password if a potential compromise is suspected.
Extending Transfer Acceptance Consent
If the Account Transfer enforcement policy is applied, they have 7 days to accept the consent request that is presented to them from within their vault. If a user has not accepted the consent in 7 days, their account will be in a "blocked" state. They will be required to accept the consent before access is again granted. The Extend Transfer Acceptance Consent will extend the time limit for another 7 days.
If a user has been invited to join Keeper but has not yet completed their account setup, you can re-send their invitation to join.