Actions129
- Calendar Permission Actions
- CIPP Administration Actions
- Execute API Client (GET)
- Execute Auto Backup
- Execute Extension Mapping (GET)
- Execute Extension Mapping (POST)
- Execute Extension Sync
- Execute Extensions Config
- Execute Password Config (POST)
- Execute Restore Backup
- Execute Run Backup
- List Custom Roles
- List Extension Sync
- List Logs
- List Scheduled Items
- Remove Scheduled Item
- Execute API Client (POST)
- Execute Extension Test
- Execute Password Config (GET)
- List Backups
- List Function Parameters
- Group Actions
- Intune Actions
- Add MSP App
- Add Office App
- Add Policy
- Add Store App
- Assign App
- Assign Autopilot Device
- Device Action
- Get Recovery Key
- List Applications
- List Application Queue
- List Autopilot Config
- List Devices
- List Intune Scripts
- List Intune Templates
- Remove Autopilot Device
- Remove Policy
- Remove Queued App
- Add Choco App
- Add WinGet App
- Assign Policy
- Get Local Admin Password
- List Autopilot Devices
- List Intune Policies
- Remove App
- Remove Intune Script
- Sync Autopilot Devices
- License Actions
- Security & Compliance Actions
- Teams & SharePoint Actions
- Tenant Actions
- Add Alert
- Clear Tenant Cache
- Execute CA Exclusion
- Execute Named Location
- Get Tenant
- List Alerts Queue
- List Azure AD Connect Status
- List Conditional Access Policies
- List Named Locations
- List Shared Mailbox Statistics
- List Standards
- List Tenants
- Remove Standard Template
- Add Named Location
- Edit Tenant
- Execute Standards Run
- List Audit Logs
- List CSP Licenses
- List Roles
- List Standard Templates
- Tool Actions
- User Actions
- Add User
- Exec Restore Deleted User
- List User
- List User Conditional Access Policies
- List User Groups
- Clear Immutable ID
- Create Temporary Access Password
- Delete User Device
- Dismiss Risky User
- List Deleted Items
- List Inactive Accounts
- List Sign-Ins
- Remove User
- Reset MFA
- Restore Deleted Item
- Revoke Sessions
- Set Email Forward
- Set Per-User MFA
- List All Users
- List User Counts
- List User Devices
- Convert Mailbox
- Disable User
- Enable Archive
- List MFA Users
- Offboard User
- Reset Password
- Send MFA Push
- Set Out of Office
Overview
This node operation offboards a user from a tenant by performing a series of configurable actions such as converting the mailbox to shared, removing licenses, resetting the password, deleting the user account, removing MFA devices, revoking sessions, removing groups and permissions, disabling sign-in, hiding from the Global Address List, and more. It is useful for IT administrators managing user lifecycle and ensuring secure and compliant offboarding processes in an organization.
Use Case Examples
- Offboard a user by converting their mailbox to shared, removing all licenses, resetting their password, and deleting the user account.
- Schedule an offboarding operation to disable sign-in, remove MFA devices, revoke sessions, and hide the user from the Global Address List at a specified date and time.
Properties
| Name | Meaning |
|---|---|
| ConvertToShared | Whether to convert the user mailbox to a shared mailbox. |
| RemoveLicenses | Whether to remove all licenses from the user. |
| ResetPass | Whether to reset the user password. |
| DeleteUser | Whether to delete the user account. |
| RemoveMFADevices | Whether to remove all MFA devices from the user. |
| RevokeSessions | Whether to revoke all active sessions for the user. |
| RemoveGroups | Whether to remove the user from all groups. |
| removePermissions | Whether to remove all permissions assigned to the user. |
| RemoveMobile | Whether to remove mobile device access for the user. |
| RemoveRules | Whether to remove all rules associated with the user. |
| DisableSignIn | Whether to disable sign-in for the user. |
| HideFromGAL | Whether to hide the user from the Global Address List. |
| removeCalendarInvites | Whether to remove all calendar invites for the user. |
| ClearImmutableId | Whether to clear the immutable ID for the user. |
| disableForwarding | Whether to disable email forwarding for the user. |
| KeepCopy | Whether to keep a copy of user data. |
| Scheduled | The date and time when the offboarding operation will be scheduled. |
| tenantLabel | The display name for the tenant. |
| tenantDomain | The domain name of the tenant. |
| forward | The email address to forward the user's email to. |
| userName | The display name of the user to offboard. |
| userEmail | The email address (UPN) of the user to offboard. |
| requestOptions | Additional request options such as batching, SSL certificate validation, proxy, and timeout settings. |
Output
JSON
status- The status of the offboarding operation (e.g., success or failure).details- Detailed information or results of each offboarding step performed on the user.
Dependencies
- Requires an API key credential for authentication to the CIPP API service.
Troubleshooting
- Ensure all required fields such as tenantLabel, tenantDomain, userName, and userEmail are provided to avoid validation errors.
- If the API request fails, check network connectivity, proxy settings, and SSL certificate validation options.
- Timeout errors can occur if the server is slow to respond; adjust the timeout setting accordingly.
- Batching settings should be configured properly to avoid throttling or rate limiting issues.