
locwz (locwz) asked a question.
We were given a directive that any vendor who has access to our systems and servers must be disabled when not in use. We have quite a few vendors who provide outside support for us and need access frequently. We are working towards a PAM system, but that is going to take time to implement. Right now we are disabling them in AD, which in turn deactivates them in Okta. When they need access again, we have to enable in AD and then reactivate in Okta, which resets their Okta password, and they also usually have to remove that profile from their Okta app on their phone and re-add it as well. This is proving difficult to do multiple times a day and day after day with the same vendors. Does anyone know of a better way to temp disable a user that will also correlate to them being disabled in AD (for security reports)? I need a better way to satisfy the security requirements without making the vendors jump through hoops.

Hi, @locwz (locwz)
Thank you for posting on our Community page!
To deactivate user accounts temporarily, use the Suspend procedure. See Suspend and unsuspend users. If you set an AD-managed account into Password Reset status, the user can still access Okta Mobile by using PIN or FaceID authentication.
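The Suspend procedure from the answer above can be scripted against Okta's Users API lifecycle operations (`/lifecycle/suspend` and `/lifecycle/unsuspend`). This is an added example, not code from the original posts or from Okta: it checks each account's status first, because suspend is only accepted for `ACTIVE` users and unsuspend only for `SUSPENDED` ones. The function names, the `FakeOrg` stand-in and the user IDs are constructed for illustration, and the org URL and API token passed to `okta_transport` are placeholders.

```python
import json
import urllib.request

# Okta only accepts each lifecycle operation from one starting status.
REQUIRED = {"suspend": "ACTIVE", "unsuspend": "SUSPENDED"}
RESULT = {"suspend": "SUSPENDED", "unsuspend": "ACTIVE"}


def okta_transport(org_url, api_token):
    """Return call(method, path) bound to one org; both arguments are placeholders."""
    def call(method, path):
        req = urllib.request.Request(
            f"{org_url}/api/v1{path}", method=method,
            data=b"" if method == "POST" else None,
            headers={"Authorization": f"SSWS {api_token}",
                     "Accept": "application/json", "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            body = resp.read()
        return json.loads(body) if body else {}
    return call


def set_vendor_access(call, user_ids, action):
    """Suspend or unsuspend each user and report what happened per user."""
    report = {}
    for uid in user_ids:
        status = call("GET", f"/users/{uid}")["status"]
        if status == RESULT[action]:
            report[uid] = "unchanged"            # already in the wanted state
        elif status != REQUIRED[action]:
            report[uid] = f"skipped ({status})"  # e.g. DEPROVISIONED: review by hand
        else:
            call("POST", f"/users/{uid}/lifecycle/{action}")
            report[uid] = "changed"
    return report


class FakeOrg:
    """Constructed in-memory stand-in for an Okta org so the example runs offline."""
    def __init__(self, users):
        self.users, self.posts = dict(users), []

    def __call__(self, method, path):
        parts = path.strip("/").split("/")   # users/<id>[/lifecycle/<action>]
        if method == "POST":
            self.posts.append(path)
            self.users[parts[1]] = RESULT[parts[3]]
            return {}
        return {"status": self.users[parts[1]]}
```

Against a real org, pass `okta_transport(org_url, api_token)` as `call` instead of a `FakeOrg`; the returned report gives a per-vendor record of each suspend and unsuspend that can be kept for the security reports.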