Ability to disable users

MarkSRasmussen

When users leave the company we want to remove their access to HubSpot. If we delete a user, their names are deleted from history. e.g. "User A created a Note" will no longer contain User A's name, but rather an internal number identifier, rendering it useless.

 

As such, when a user leaves, we have to keep their account open, though with a reset password. This means the user is still present in lists, autocompletes, etc. when using the product, which can be confusing and prone to errors for other employees.

 

Just like every other CRM on the market allows, it should be possible to "Disable" a HubsSpot user, retaining all history but removing the user from all lists and disallowing logins.

100 Replies
sdt_kparent
Participant

Big Security issue.

 

Need the ability to disable a user if they are terminated to remove access immedialy until able to review and reassign items.

Even setting user settings to the lowest possible, still allows them to login and be able to access items that qualify for 'Owned Only'.

Chris-B
Member

Shocked there is not a disable user feature that prevents log in without deleting histories and record assignments.  This is a major roadblock.  Please add this feature.

vvannoy
Member

Has any progress been made to diable a user's account when the employee leaves the company? We are not ready to reassign contacts and don't want the ex-employee having access to login.  Is this a priority for HubSpot?

sdt_kparent
Participant

@vvannoy I just recently had the same issue and Support noted to just reset the password and pointed me to this Idea.  (Lucky we also have SSO, but I still suggest a reset as well after the individual no longer has access to the email account)

Chris-B
Member

That solution sounds like it might deter users from access in cases where the email was a company email managed by the same company who adminster hubspot but this isn't helping us where our users are external to the organization and have independent emails.

 

Really hoping for an enhanced hubspot admin feature to allow the inactivating/activating of users without having to delete them.  It's the right thing to do.

KevinWebb22
Participant

I'm extremely confused as to why such a seemingly common feature is not yet available. This seems like it would be one of the foundational functions of the system... right after naming the platform and choosing the company colors. It seems very logical that company's would want to maintain their user history for client accounts, even after they have left the company. A simply toggle should deactivate the user's access and leave everything else in place. At the very least, if the super admin resets the password for a user, it should automatically disable the old password. We found out today that isn't the case. 

vvannoy
Member

I found a comment on this topic from back in 2017. Does that mean that Hubspot doesn't care to resolve this issue? How do we get Hubspot people to take this is seriously? Is there some other forum? This isn't really an idea for them to ponder adding but a fix to an issue. 

henrou
Contributor

Yeah, this is a basic must-have feature. A CRM without it doesn't feel finished. Please implement this soon.

robd
Member

Yes please add this feature. Basic need from a CRM that is used by sales teams. Surprising it is not there.  

cjcooper1983
Participant

I'm confused how this is not already a feature, especially as it has been an issue since 2017. It seems a little short-sighted to just "Delete" a user and "Re-assign" companies/contacts/deals.

ogould
Member

Completely agree. Super-Admins should have the ability to disable users or at least be able to change their password on our end to prevent the termed user to access HubSpot. This is so important even from a security standpoint.

BB1
Top Contributor

Wow! This is still not resolved!

 

To explain - what @sdt_kparent and @Chris-B are saying - if you have access to the deactivating user's email used for Hubspot, you can change the password on the email account and restrict the user from accessing it, and then reset the password on HS so they will not be able to get in again. However, as @KevinWebb22 is saying, a user can still get in with the old password. Unless he is mistaken and the user just reset the password again, then the first solution is not good. Can you clarify that @KevinWebb22 ?

Dedicated
Participant

One of the most amazing aspects of HubSpot is the very detailed history they make available. You can see exactly who did what and at what time it was done. It puts so much into perspective! We really don't want to have to lose valuable history on company information because we have to delete instead of de-active a past user. Please implement the functionality to be able to keep a user but de-activate them, as soon as possible!

BB1
Top Contributor

Just to update - we just tested it - if you reset a password - it sends the user an email to reset password. Whe the recipient clicks on the link and resets their password, the old password will not work. So that should work in such a case.

vvannoy
Member

Here is the issue I have. I am the hubspot admin and I don't have access to receiving the terminated employees reset password email so therefore I can't reset the password. How can I go into HubSpot to change the password to the ex-employee doesn't have access? This is why deactivating a user is essential.. please fix this. We have been address this issue for 2 years, 

KevinWebb22
Participant

@BB1 - You can do a password reset, but the old/current password does not actually reset until the link is clicked in the password reset email. So if you disable the employees email or it is deleted, you can no longer reset the password and the old password will work indefinitely. The work around is to coordinate with IT to click the password reset link before doing anything with the email account. Obviously this is not ideal and is a terrible hassle to have to involve multiple departments for something that could be easily fixed. 

HubSpot just needs to create an option to "Disable/Deactiviate User" that allows for all of the user's history to be maintained, but disallows access to the user.

BB1
Top Contributor

Correct @KevinWebb22 - can be quite complicated if a large company. My company is not that large.

 

@rick_d  anything developing on Hubspot's end?

KevinWebb22
Participant

@BB1 - We aren't massive (220 employees), but it's still an innefficient process, regardless, and HubSpot is supposed to exists to make work life more efficient. 😐

BB1
Top Contributor

Yes. Does anyone in Hubspot see this and have feedback/update?

@ashahhubspot @rachelrc @briley @Sarah 

MarkSRasmussen
Member

Having originally created this issue three years ago, I'm quite saddened to still receive notifications from people wondering the same. Please don't misunderstand me, I don't mind the notifications themselves, what I do mind is seeing this issue being wholly ignored for three years, still going strong.

 

Literally every single other part of our tech stack supports the concept of disabling users. I'm trying to reason how this has been left unaddressed by Hubspot for 3 years, but I'm drawing blanks. I really don't get it.