Device deprovisioning (dormant device)
This feature targets mobile phones and FIDO keys that have not been active for a certain configurable period.
Functional aspects
Configuration parameters are illustrated below:
If Enabled is set to true, a scheduler will be created to scan devices and mark them as dormant. Be aware that if you enable this feature, you have to provide a valid cron expression for Job running frequency.
Max inactivity time is the maximum time of inactivity that a device can have. That time is calculated according to several factors, such as last authentication time (the last time you used that device to authenticate) or registration time (when you enrolled that device). This approach was used because a device that has been enrolled but has not yet authenticated does not have a last authentication time, and could otherwise be marked as dormant even though it is not.
Synchronization job batch size is the size of a batch to process.
Automatic notification send is a flag that is used to send push notifications/mails automatically. If one or more devices are marked as dormant, you would want to notify the users regarding those devices.
Notification job frequency is the same as Job running frequency, but is used for the notification scheduler.
Notification job batch size is the size of a batch to process.
Marking
Once marked as dormant, a message will be sent to the user to inform him that this device is not in use anymore. The template can be configured in Settings / Messaging / Notifications - “DORMANT_DEVICE”.
To remove the dormant status, that device must complete an authentication.
Note that, at this moment, no action is taken against dormant devices.
Informing the user
If the dormant device is a FIDO authenticator, then the user will receive an email notification informing him about it.
In order for the email notification to be received, the admin needs to enable the DORMANT_DEVICE notification.
If the dormant device is a mobile phone, the user will receive a push notification informing him about it.
The email notification and/or the push notification are sent only once for each dormant device.
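The marking and notification rules described above, as an added example (a sketch written for this page, not the product's own code). The Device record, function names and sample data are hypothetical; the strict "greater than" comparison and the reset of the once-only flag after an authentication are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Device:  # hypothetical record, not the product's schema
    device_id: str
    kind: str  # "FIDO" or "MOBILE"
    registered_at: datetime
    last_auth_at: Optional[datetime] = None
    dormant: bool = False
    notified: bool = False

def last_activity(d):
    # Enrolled-but-never-used devices have no last authentication time,
    # so registration time is the fallback reference point.
    return d.last_auth_at or d.registered_at

def scan(devices, now, max_inactivity, batch_size):
    """Mark devices dormant batch by batch; return ids newly marked."""
    marked = []
    for i in range(0, len(devices), batch_size):
        for d in devices[i:i + batch_size]:
            if not d.dormant and now - last_activity(d) > max_inactivity:
                d.dormant = True
                marked.append(d.device_id)
    return marked

def notify(devices, email_enabled, batch_size):
    """Return (device_id, channel) pairs; each dormant device is notified once."""
    sent = []
    for i in range(0, len(devices), batch_size):
        for d in devices[i:i + batch_size]:
            if not d.dormant or d.notified:
                continue
            if d.kind == "FIDO" and not email_enabled:
                continue  # DORMANT_DEVICE notification disabled: no email
            sent.append((d.device_id, "email" if d.kind == "FIDO" else "push"))
            d.notified = True
    return sent

def on_authentication(d, when):
    # A completed authentication removes the dormant status. Assumption:
    # the once-only flag resets too, so a later dormancy notifies again.
    d.last_auth_at, d.dormant, d.notified = when, False, False

def sample_devices(now):  # constructed sample data
    return [Device("key-1", "FIDO", now - timedelta(days=120)),
            Device("phone-1", "MOBILE", now - timedelta(days=400), now - timedelta(days=5)),
            Device("phone-2", "MOBILE", now - timedelta(days=10))]
```

With a 90-day Max inactivity time, only key-1 is marked: phone-2 has never authenticated, but its registration time keeps it from being flagged.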
Reports
Following the addition of the dormant device term, we added a new report for FIDO-type devices, and this dormant marking was added to the mobile phones report.
Internationalization
For more flexibility, push notifications and emails will be translated into the user's language.
See message translations will redirect the user to the Internationalization page with the specific filter for push notifications for dormant devices. The content of the notification is customizable.
See email templates will redirect the user to the Email templates page in order to customize the template for FIDO emails.