Skip to main content
All CollectionsTemplatesIntermediate
Disable a Specific User in Google Cloud Identity - Workflow Template
Disable a Specific User in Google Cloud Identity - Workflow Template

Workflow and nested workflow that can be used to disable a specific user in Google Cloud Identity when an account is compromised.

Updated over a week ago

The "Disable a Specific User in Google Cloud Identity" workflow template is designed to enhance security response during incidents involving compromised user accounts. When suspicious activity is detected, it enables rapid action to contain the situation. This workflow verifies the permissions of the requester, gathers user details, and, if authorized, takes decisive containment actions such as suspending the user, disabling two-factor authentication, removing application passwords, and signing out the user from all sessions, ensuring the security of your Google Cloud Identity environment.

Optional Triggers

Slack,"Microsoft Teams",Webhook

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. Execute the nested workflow to confirm the user executing the workflow has permissions

  2. Gather the user details and notify the user running the workflow

  3. Suspend the user, disable 2 step verification if enabled, remove application passwords, clear sessions and logout all devices

Vendors

Slack, Utils, HTTP, Google Workspace

Workflow Output

Messages to Slack on verdict of successful user disablement

Tips

Setup the nested workflow with the workflow name and user email as needed for permissions

Did this answer your question?