Best practices for user offboarding

SECURITY  Administrator

NAVIGATION  Setup > Users

NAVIGATION  New UI > Setup > Users

This topic discusses best practices when deactivating a user's Datto RMM account.

Revoking user access

There are two options when revoking user access to Datto RMM:

Deactivating a user

Use this option when a user is expected to not need access to Datto RMM for an extended period of time.

Refer to Deactivate in Users.

Deleting a user

When deciding whether or not to delete a user, consider the following:

  • Before deleting a user, their associated data must be assigned to another user.
  • When reassigning associated data to another user, you may only select another user that has the same or higher component level than the user you are deleting. This ensures that the user will have the required permissions to perform actions on the associated data being assigned to them.
  • If at the time of deletion, a Datto RMM user account is linked to an Autotask user profile via the Autotask Integration, the link will be removed. The Autotask user can then link their user profile to another Datto RMM user account.

Refer to Deleting a user.

Email recipient removal

Global or site-level emails

If the user was set as a default global or site email recipient, their email address must be manually removed from the according sections.

Global

Refer to the Email Recipients section in Global Settings.

Site level

Refer to the Email Recipients section in Creating or editing a site.

Monitor alert emails

If the user’s email address was manually specified to receive monitor alert emails, you must edit each alert and remove the user’s email address as follows:

  1. Navigate to the monitor you would like to update. The monitor can be a standalone monitor or part of a Monitoring policy. Refer to Monitors and Policies.
  2. In the Response > Send an email section, remove the unwanted recipient from the list. Refer to Recipients.
  3. Save the monitor or the monitoring policy.

NOTE  You will have to repeat this process for all monitors or Monitoring policies in which the user is assigned as a monitor alert email recipient.

Additional privileged information access

  • Deactivating or deleting a user will disable all automatic email sent from Datto to their email address that was listed under their RMM user account.
  • Any API keys attached to an inactive or deleted user will no longer function. In order for your integrations to continue to communicate with RMM, you must obtain new API keys from an active user to replace the old keys. Refer to Datto RMM API for information on retrieving new keys.