How To

Record a User’s Deactivation Date

Salesforce gives you the ability to activate and deactivate users. Surprisingly, Salesforce does not track the user’s deactivation date.You may need this information for your company’s security access reviews.

You can quickly solve this gap with a custom field and a simple process builder.

Here are a few lessons learned from implementing this use case:

  • Users may be deactivated and re-activated. The process should account for changes in active status and the data stored in the user’s deactivated date field.
  • Provide descriptions, where provided, in Salesforce. This may be tedious step, I know, but your future self will thank you when you are trying to remember what you configured or assist other/future admins when troubleshooting or enhancing what was built. This includes noting the data stored in a custom field, providing the purpose of a process builder, etc.

Business Use Case: Addison Dogster is a system administrator at Universal Container. Sammy Sunshine is the Information Security Officer and needs to know when the quarterly user access report is run, for deactivated users, the date the user was deactivated.

Solution: Addison knows that this information is not currently captured in Salesforce and will need to automate this. She is able to solve this declaratively by creating a custom user field to store the user’s deactivation date and a process builder to set the deactivation date if the user’s status changes.

Quick Steps:

1. Create a custom user field (Customize | Users | Fields) called Deactivated Date.

DeactivatedDateUserCustomField.JPG

Best practice tips:

  • Don’t forget to provide a description so you and other/future admins know what this custom field is used for.
  • Set the FLS (field level security) for each profile. Only make the field visible and editable for the profiles that need it. Do not just click the “Next” button when you are on the screen.

2. Create a process builder (Create | Workflows & Approvals | Process Builder). Click on the New button.

DeactivatedDateProcessBuilder.JPG

Best practice tip: Don’t forget to provide a description so you and other/future admins know what this process builder is used for.

DeactivatedDateProcessBuilder-Properties.JPG

A. Select the User object and to start the process “only when a record is created or edited”.

DeactivatedDateProcessBuilder-Object.JPG

B. For the node criteria, provide the criteria name and set the criteria to [User].Active Is Changed boolean True which means if a user’s active status changes, we want to execute this node.

DeactivatedDateProcessBuilder-NodeCriteria.JPG

C. In the Immediate Actions box, select to “Update Records” and the record that initiated the process. Update the Deactivated Date field using a formula:

IF ([User].IsActive=false, today(), null)

Essentially, if the user’s status is not active, the deactivated date is today. If the user’s status is active, then the deactivated date is blank.

DeactivatedDateProcessBuilder-ImmediateAction.JPG

Click the Save button.

D. Click the Activate button in the upper right hand corner. Click the “Ok” button.

ActivateVersion

 

That’s it. Congrats, you’ve implemented the solution!

Now, before you deploy the changes to Production, you need to test your configuration changes.

  1. Navigate to a user record.
  2. Deactivate a user.
  3. Confirm that the Deactivated Date field is today’s date.
  4. Activate the same user.
  5. Confirm that the Deactivated Date field is now blank.

Deployment Notes/Tips:

  • The custom user field, user page layout and process builder can be deployed to Production in a change set.
  • The field level security for the custom user field will need to be manually updated post deployment. I would caution against adding the related profiles in the changeset for deployment as the results of deploying a profile are not reliable. If you have a tool like Snapshot by Dreamfactory, you can use the tool to deploy field permissions.
  • Activate the process builder after it is deployed in Production as process builders are deployed as inactive.

 

 

 

Advertisements

6 thoughts on “Record a User’s Deactivation Date

  1. Yes, when a user is deactivated, it is recorded in the Setup Audit Trail. However, actions noted in the Setup Audit Trail cannot be pulled into a report. So, from an audit review perspective, if I have a deactivated field, I can run a user report to show license, role, profile, last login, deactivated date, etc. to hand over to those responsible for user access reviews on a monthly basis.

    Like

  2. Yes, this can be handled via workflow rules. Salesforce recommends using Process Builder for automating processes first since it has all of the functionalities of workflow rules except sending outbound messages plus more. We’re moving away from workflow rules because managing workflow rules can become unruly and your process builder can cover more actions than just tracking the deactivated date – more actions on the User object. For this blog post, I only showed setting the deactivated date. Hope that helps.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s