Skip to main content
Skip table of contents

Dormant device deprovisioning

This feature targets mobile phones and FIDO keys that have not been active for a certain configurable period.

Functional aspects

Configuration parameters are illustrated below:


If Enabled is set on true, a scheduler will be created to scan devices to mark them as dormant. Be aware, if you enable that feature, you have to provide a valid cron expression for Job running frequency.

Max inactivity time is the maximum time of inactivity that a device can have. That time is calculated according to several factors, such as last authentication time (last time you used that device to authenticate) or registration time (when you enrol that device). This approach was used because, a device that has been enrolled, does not have a last authentication time, and can be marked as dormant, even though it is not dormant.

Synchronization job batch size is the size of a batch to process.

Automatic notification send is a flag that is used to send push notifications/mails automatically. If one ore more devices are marked as dormant, you would want to notify the users regarding those devices.

Notification job frequency is the same as Job running frequency, but is used for notification scheduler.

Notification job batch size is the size of a batch to process.


Once marked as dormant, a message will be sent to the user to inform him that this device is not in use anymore. The template can be configured in Settings / Messaging / Notifications - “DORMANT_DEVICE”.

To remove the dormant status, that device must complete an authentication.


Authenticators section from identity


Other authenticators


Note that, in this moment no action is taken against dormant devices.

Informing the user

  1. If the dormant device is a FIDO authenticator, then the user will receive an email notification informing him about it.

email dormant.png

In order for the email notification to be received, the admin needs to enable the DORMANT_DEVICE notification.

  1. If the dormant device is a mobile phone, the user will receive a push notification informing him about it.

The email notification and/or the push notification are sent only once for each dormant device.


Following the addition of the dormant device term, we added a new report for fido-type devices, and this dormant marking was added to the mobile phones report.



For more flexibility, push notifications and emails will be translated into the user's language.


See message transaltions will redirect the user in the Internationalization page with the specific filter for push notification in dormant devices.


See email templates will redirect the user in the Email templates in order to customize the template for FIDO emails.

📋 Related articles

Identity Deprovisioning

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.