The "Disable a Specific User in Google Cloud Identity" workflow template is designed to enhance security response during incidents involving compromised user accounts. When suspicious activity is detected, it enables rapid action to contain the situation. This workflow verifies the permissions of the requester, gathers user details, and, if authorized, takes decisive containment actions such as suspending the user, disabling two-factor authentication, removing application passwords, and signing out the user from all sessions, ensuring the security of your Google Cloud Identity environment.
Optional Triggers
Slack,"Microsoft Teams",Webhook
Use Cases
Identity and Access Management , Suspicious User Activity
Workflow Breakdown
Execute the nested workflow to confirm the user executing the workflow has permissions
Gather the user details and notify the user running the workflow
Suspend the user, disable 2 step verification if enabled, remove application passwords, clear sessions and logout all devices
Vendors
Slack, Utils, HTTP, Google Workspace
Workflow Output
Messages to Slack on verdict of successful user disablement
Tips
Setup the nested workflow with the workflow name and user email as needed for permissions