Our community is for contracted clients, business partners, and employees only and it is expected that they are active in the site on behalf of their organization, so we needed to be able to automatically disable users who stop working at a client org. For the process we put in place, the premise is that users have registered with their corporate email address, and that those email addresses are disabled if the user leaves the org. We worked with one of Jive’s partners to develop an “email revalidation” process. Each 6 months, it sends a friendly email requesting that the user click a link to revalidate their account with 7 days. The link opens a confirmation page and their account properties are updated to ask again in 6 months. If they don’t click the link, they get a reminder and then final email before their account is disabled. For employees, we put a script in place that puts their “expiration” date way out in the future, since we are notified otherwise if they’ve left the company.
This process partially solves the problem.
User accounts are automatically disabled if their email address is no longer active
Client orgs don’t have to notify is if their employees have left (although we still encourage them to)
Users don’t like when they’ve changed jobs to another client org and have to re-register and lose all of their old stuff
The process only happens twice a year – not really often enough to truly cover legal/liability bases
Not all users have a corporate email address (for us, around 15% of users)
In addition, we disable user accounts whose email addresses bounce back to other emails we send as “unknown.”
Going back to the original question – how do you handle it if a user’s email address has become invalid – I would say if they can’t provide a valid email address, they shouldn’t have an active account. This seems to be pretty standard across user sites these days, but I’m interested in hearing others’ opinions.
Suzanne, what you have in place now is much better than nothing. We're struggling right now to find a good solution as well, and it looks like for the time being we'll have to manually disable accounts for people who are no longer clients. On the one hand, it shouldn't be difficult for me to receive a report from our customer database on a weekly basis which will list all clients who have gone from active to inactive/withdrawn status. On the other hand, if we manually disable an account and someone then becomes a client again, we'd probably have to manually enable their account. Until we can get SSO in place, we are in a tough spot. But, because we're a mashup of several organizations now (our parent company has been on an acquisition spree), it could be years before we have a single client database. In the meantime, I'm looking for any sort of creative solution that will make this easy on us, and our users.
Suzanne and Scott, the space Jennifer is talking about is our public facing community.csc.com site - and it is more open and available to anyone on the Internet to register and create an account (ie. there is no customer hurdle to join this particular community - though we will be standing up another community shortly where the rules will be more strict and will be integrated with our own directory).
So then the challenge is a little more difficult. Though I like the idea of a script that requires users to validate accounts in some manner.
Anyone else managing a broader, public facing community tackling this issue as well?
In an external community this is a conundrum. One option is to write a script that identifies a bounced email and renders the email inactive.When that member signs back in or attempts to they recieve a redirect (pop-up) to update their profile information. In addition, without completing the "update task" to account remains inactive. If the user attempts to create a duplicate account they should receive a message that identifies a duplicate account and redirects them to update or contact the community manager if they have forgotten their PW.
Hope that helps,