To ensure that our portals follow data protection best practices, we would like to be able to make a user inactive and essentially revoke access after x number of days. So if a user hasn't logged in for 90 days then their access should become inactive and require an admin reset. This would assist us in managing user access and protect our data.

This allows team members who shifted role or left the business to have their access expire in case they were not removed and seems to be good practice on secure platforms.