Disabled internal User have audit log of "logged in via password from 114.10.117.218."

Vincent_Lius · June 7, 2023, 9:05am

I disabled this user on 15 May since it's an end of working contract.

But see this activity log that the person "logged in via password from 114.10.117.218." on 1 June.

I'm just want to know what does word "logged in" meant? Like will the user still able to see the pages like he/she used to before disabled. Then isn't the point of disabling user so the person can't logging in again.

Kabirdas · June 13, 2023, 4:07am

Hey @Vincent_Lius!

Disabled users won't have access to your org, if they attempt to log in they'll be immediately redirected back to the login page. However, the login attempt will still show up in your audit logs which looks to be what you're seeing.

Let me know if that answers your question!

victoria · August 30, 2023, 10:18pm