Actions18
- Calendar Permission Actions
- Group Actions
- License Actions
- Tenant Actions
- User Actions
Overview
The "Offboard User" operation in the User resource is designed to automate and streamline the process of offboarding a user from an organization's system. This node helps IT administrators or support teams perform multiple cleanup and security tasks related to a user's account when they leave the organization or change roles. Common scenarios include employee termination, role changes requiring access revocation, or mailbox conversions.
Typical use cases:
- Converting a user's mailbox to a shared mailbox for continued access by others.
- Removing licenses and permissions to free up resources.
- Resetting passwords and disabling sign-in to secure the account.
- Removing the user from groups and clearing associated rules and devices.
- Scheduling the offboarding process for a future date/time.
This node consolidates many offboarding steps into one automated workflow, reducing manual effort and minimizing errors.
Properties
| Name | Meaning |
|---|---|
| Convert to Shared | Whether to convert the user mailbox to a shared mailbox |
| Remove Licenses | Whether to remove all licenses from the user |
| Reset Password | Whether to reset the user password |
| Delete User | Whether to delete the user account |
| Remove MFA Devices | Whether to remove all multi-factor authentication devices from the user |
| Revoke Sessions | Whether to revoke all active sessions for the user |
| Remove Groups | Whether to remove the user from all groups |
| Remove Permissions | Whether to remove all permissions assigned to the user |
| Remove Mobile | Whether to remove mobile device access for the user |
| Remove Rules | Whether to remove all rules associated with the user |
| Disable Sign In | Whether to disable sign-in for the user |
| Hide From GAL | Whether to hide the user from the Global Address List |
| Remove Calendar Invites | Whether to remove all calendar invites for the user |
| Clear Immutable ID | Whether to clear the immutable ID for the user |
| Disable Forwarding | Whether to disable email forwarding for the user |
| Keep Copy | Whether to keep a copy of user data |
| Scheduled | The date and time when the offboarding operation will be scheduled |
| Tenant Label | The display name for the tenant |
| Domain | The domain name of the tenant |
| Forward | The email address to forward the user's email to |
| User Name | The display name of the user to offboard |
| User Email | The email address (User Principal Name) of the user to offboard |
Output
The node outputs JSON data representing the result of the offboarding operation. This typically includes status information about each step performed (e.g., mailbox conversion success, license removal confirmation, session revocation status). The exact structure depends on the API responses but generally provides feedback on what actions were completed successfully or failed.
If the node supports binary data output (not indicated here), it would likely relate to exported user data or logs, but this is not evident from the provided code.
Dependencies
- Requires an API key credential for authenticating with the CIPP API.
- Needs proper configuration of the API base URL in credentials.
- Depends on the external CIPP API service to perform user offboarding operations.
- The node expects the tenant and user details to be accurate and valid within the target system.
Troubleshooting
Common issues:
- Incorrect or missing tenant/domain/user information can cause failures.
- Insufficient permissions or invalid API credentials may lead to authorization errors.
- Scheduling an offboarding operation in the past or with invalid date formats might cause errors.
- Network connectivity problems with the CIPP API endpoint.
Error messages:
- Authentication errors: Verify API key validity and permissions.
- User not found: Check that the user email and tenant details are correct.
- Operation not permitted: Ensure the API user has rights to perform offboarding steps.
- Invalid parameters: Confirm boolean flags and required fields are properly set.
Resolving these usually involves verifying input data, checking API credentials, and ensuring network access.
Links and References
- CIPP API Documentation (replace with actual URL)
- General best practices for user offboarding in IT systems
- n8n documentation on creating custom nodes and using credentials