Temporarily Revoke Access

Revoking a member is how you temporarily remove someone from your organization. You can later restore their access or permanently remove them from your organization. When a member is revoked, they:

• Cannot access any organization vault items or collections.

• Cannot log in with your organization's SSO.

  

  warning

  Members who do not have master passwords, for example in organizations using trusted devices or Key Connector, will be fully locked out of their account if they are revoked.

• Are not subject to your organization's policies.

• Do not occupy a subscription seat.

There are a few ways to revoke a member. Members are automatically revoked when they violate certain enterprise policies or the member is suspended or deactivated in the IdP used for their organization's SCIM.

Alternatively, an owner, admin, or custom role member with Manage users permission can manually revoke users:

1. In the Admin Console, select Members.

2. Check the member(s) you want to revoke.

3. Select the  Options menu.

4. Select Revoke access:
   

   

5. Select Revoke members to confirm.



tip

To view which members are revoked, go to Members → Revoked. Hover over the  Revoked icon next to a specific user to learn why they were revoked:

If it says "Unknown reason," then the member was revoked before release 2026.5.0.

An owner, admin, or custom role member with Manage users permission can restore members' access quickly. Restoring access to a revoked member does not require that they take any steps to rejoin the organization, meaning they don't need to be re-invited, accept an invite, or be confirmed.

To restore access to a member:

1. In the Admin Console, select Members.

2. Select Revoked.

3. Check the member(s) you want to return to the organization.

4. Select the  Options menu.

5. Select Restore access:
   

   

6. Select Revoke members to confirm.