Use the last login metadata to create a rule that sends an email verification to the user

Hi all,
I am trying to use the Management API tool to create a rule that does the following iteration.
If the user has not logged in at least one time in the last two years, set the email as Unverified and send an email to re-login/verify the email. If this action is not done within a week of sending the email, disable the user.

I am looking for various guides and directions but cannot find a complete explanation.

Thank you

Hi @SupConf,

Thank you for reaching out to us!

Just letting you know that Rules have been deprecated and you cannot create new rules, even though the button is still present on the Management API page.

This being said, I believe you can achieve this behavior by creating a post-login Action and the Management API so that when one of the target users attempts to log in, the email_verified field is changed to false and you can deny them access at that point. You should be able to use the last_login attribute to check the last time they accessed their account. They will need to verify their email in order to proceed.

In regards to the second part, this would be a manual step, but to keep track, you can configure the Action to add an attribute to the user’s app_metadata (so that the user cannot modify it) by which you can know when they attempted to log in and when they triggered the Action. This way, if you see a user with that attribute, but with their email verified, it would mean that they did log in within 7 days of the first attempt.

I am not sure if you would prefer to delete or block their account, but I believe this needs to be manually done, from the Dashboard or the Management API if you prefer.

Have a good one!
Gerald
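
The flow described in the reply above, as an added example that is not code from the thread or from Auth0. It assumes `last_login` is present on the user object and still holds the previous login time; `reverify_requested_at` and `markUnverified` are hypothetical names, the latter standing for your own Management API call.

```javascript
// Added example; not Auth0's code. reverify_requested_at and markUnverified are hypothetical names.
const DAY_MS = 24 * 60 * 60 * 1000;
const INACTIVITY_MS = 2 * 365 * DAY_MS; // "last two years" from the question
const GRACE_MS = 7 * DAY_MS;            // "within a week" from the question

const marker = (u) => u.app_metadata && u.app_metadata.reverify_requested_at;

// Decide what the post-login Action should do with the user logging in now.
function loginDecision(user, now) {
  if (marker(user)) return user.email_verified ? "allow" : "deny_unverified";
  const last = Date.parse(user.last_login);
  if (Number.isNaN(last)) return "allow"; // no earlier login on record
  return now - last > INACTIVITY_MS ? "flag_and_deny" : "allow";
}

// Body for exports.onExecutePostLogin. markUnverified stands for your own Management API
// call that sets email_verified to false and sends the verification email.
async function handleLogin(event, api, markUnverified, now = Date.now()) {
  const decision = loginDecision(event.user, now);
  if (decision === "flag_and_deny") {
    await markUnverified(event.user.user_id);
    api.user.setAppMetadata("reverify_requested_at", new Date(now).toISOString());
  }
  if (decision !== "allow") api.access.deny("Verify your email address to continue.");
  return decision;
}

// Sweep for the manual step: flagged, still unverified, and past the 7-day window.
function overdueUsers(users, now) {
  return users
    .filter((u) => marker(u) && !u.email_verified && now - Date.parse(marker(u)) > GRACE_MS)
    .map((u) => u.user_id);
}

// Constructed sample records (not real accounts).
const NOW = Date.parse("2025-06-15T00:00:00Z");
const SAMPLE_USERS = [
  { user_id: "auth0|active", email_verified: true, last_login: "2025-05-01T00:00:00Z", app_metadata: {} },
  { user_id: "auth0|dormant", email_verified: true, last_login: "2022-01-10T00:00:00Z", app_metadata: {} },
  { user_id: "auth0|pending", email_verified: false, last_login: "2022-01-10T00:00:00Z",
    app_metadata: { reverify_requested_at: "2025-06-12T00:00:00Z" } },
  { user_id: "auth0|expired", email_verified: false, last_login: "2021-03-01T00:00:00Z",
    app_metadata: { reverify_requested_at: "2025-06-01T00:00:00Z" } },
  { user_id: "auth0|recovered", email_verified: true, last_login: "2025-06-03T00:00:00Z",
    app_metadata: { reverify_requested_at: "2025-06-01T00:00:00Z" } },
];
```

Because the marker is written to app_metadata, the user cannot clear it, and `overdueUsers` gives the list of accounts to block or delete by hand.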
