Dormant user accounts are a primary target for security threats and often lead to unnecessary licensing costs. To help you automate user lifecycle management and enhance your security posture, JumpCloud can now proactively detect and alert on dormant directory users—end users who have had no qualifying activity (no sign-ins across on SSO apps and no logins from registered devices) for a configurable time window with the User Inactivity rule.
The User Inactivity detection rule template lets you:
- Set automated daily checks to scan your directory for users who haven't shown activity within your defined timeframe.
- Fully customize your alert thresholds (like, 30, 60, or 90 days, up to 365 days) and assign custom rule priorities (Low, Medium, High).
- Add multiple inactivity milestones within a single rule to escalate alerts as a user remains inactive longer.
- Toggle the option to exclude already-suspended users so your team can focus exclusively on active, unmonitored risk areas.
To configure the rule, follow the steps detailed in Configure Rules for Device Monitoring and Alerting.
Make sure you do the following while configuring the rule:
- In the Conditions section, enter the number of inactive days required to trigger the alert. The rule will automatically activate and generate an alert the moment a user’s inactivity exceeds this threshold.
You can configure up to 5 thresholds in days (for example 90 days before expiry, 60 days before expiry, and so on)
- Maximum supported threshold:Â 365 days
- Click the User Groups tab and select the groups that you want to monitor for this rule. You can select multiple user groups.
- Select the Exclude Suspended Users checkbox to keep alerts focused and reduce noise.This ensures that users who are already suspended will not trigger unnecessary notifications.
How Multiple Inactivity Thresholds Trigger Alerts
When you configure multiple time thresholds within a single User Inactivity rule, the system determines which alert to trigger based on a highest milestone passed logic.
Because inactivity accumulates over time, the system will always evaluate the user's total number of dormant days and trigger the alert associated with the largest number of days they have successfully crossed.
The Logic in Action:
- The Rule: The longer a user remains inactive, the higher the milestone they pass.
- The Behavior: Instead of triggering multiple overlapping alerts simultaneously, the system evaluates the user's current status and surfaces the highest applicable alert tier.
Example Scenario
Imagine you configure a single User Inactivity rule with four separate thresholds: 30 days, 90 days, 180 days, and 365 days.
- Scenario A: A user has been inactive for 45 days. They have passed the 30-day mark but haven't reached 90 days yet.
- Result: You receive the 30-day inactivity alert.
- Scenario B: A user has been inactive for 400 days. They have successfully cleared every single milestone you configured.
- Result: You receive the 365-day inactivity alert, as it represents the highest, most critical milestone the user has passed.
This ensures your alerts accurately reflect the true depth of a user's inactivity without cluttering your dashboard with duplicate notifications for the lower tiers they already passed weeks or months ago.