Stale users
The presence of stale users within an app can pose several risks and challenges. These inactive or disengaged users may occupy valuable database space, impacting system efficiency and performance. Moreover, they can skew analytics and reporting metrics, making it difficult to assess user engagement and behavior accurately.
Stale user accounts can also become attractive targets for malicious actors seeking to exploit abandoned profiles for fraudulent activities or data breaches. To mitigate these risks, it's essential for app developers and administrators to regularly review and clean up inactive accounts, implement proper user lifecycle management practices, and encourage user engagement to maintain a healthy and secure user base.
How it works
Once a day, we conduct a check on all users to determine their last login to any of their accounts. If the number of days since their last login exceeds the configured threshold, the system identifies that user as stale.
If you select Allow, Challenge, or Block, the action will take effect during their next login. However, if you choose Lock, the user will be immediately locked during the daily check.
Configuring stale users
In the Frontegg portal
Choose from the following actions when a user becomes inactive:
- Allow: Permit the user to access the app on their next login.
- Challenge: Introduce Multi-Factor Authentication (MFA) to verify the user on their next login. If successful, grant access to the app.
- Block: Prevent subsequent login attempts.
- Lock: Immediately restrict the user during daily checks.
User experience
- Allow: The user is permitted to proceed to the app, marking them as non-stale.
- Challenge: The user undergoes an MFA challenge. Upon successful completion, they proceed to the app and are no longer considered stale. If unsuccessful, their login is blocked.
- Block: The user receives a failed login message.
- Lock: The user is notified that their account is locked.
Notifying end users of stale user logins
Notifying end users of stale user logins
You can choose to notify users of login attempts once they are marked as stale by selecting the relevant checkbox.
Analyzing stale users in your app
If you're curious about the frequency of stale user logins, you can track their login occurrences over time, along with the locations of these logins, in Security Events.