Removing Accounts from Groups

When user accounts no longer meet the criteria for belonging to a group, you can remove them from the group. When you do so, any entitlements and delegations they received from the group via a policy are handled in accordance with that policy.

For example, if you have a group with an Exchange Mailbox Provisioning Policies that specifies the mailbox be deprovisioned when a member is no longer a member, removed users will lose their mailboxes.

To remove an account from a group

1. In the navigation sidebar, expand Identity Administration and click Groups.

2. Search for the group from which you want to remove user accounts and then click the record for that group. You should see a list of contextual actions appear that can be executed against that group appear in the Actions pane.
   

3. Click the Remove Accounts from Groups action.
   
4. In the Account Lookup that appears, search for the account you want to remove from the group and then the box beside the account to select it.
   
5. Repeat, adding as many accounts as needed.
6. When you have finished adding accounts, click Submit.
7. Click OK to close the Operation Execution Summary.
   

To verify that EmpowerID removed the accounts from the group

1. From the navigation sidebar, expand System Logs and then click Audit Log.
2. Click the drop-down arrow beside the search field to open the Advanced Search dialog.
   
3. In the Advanced Search dialog, do the following
   1. In the To Whom or What field, enter the name of the group from which you removed one or more accounts.
   2. In the Operation Display Name field, enter Remove Account.
   3. Click Submit.
      
4. You should see a record for each account you removed from the group.