Ability to boot a fired employee from the web or mobile app after being FIRED.

WARNING.... Let your GHL clients know that, to top it off, that fired employee is still able to send SMS and make phone calls AFTER being DELETED from the system.

AND

After that user is deleted, if they are still logged into the mobile app, their account communication defaults to the main number which is the SAME number you send 2FA. Now that fired employee can log into your ADMIN area via the web app. (if they know the email you use for login)

Current live situation….

One of my clients called me, who I have on GHL, and they just fired an employee. So my client changed their user email and password thinking that would restrict access to the software. Be aware, that is not what happens. That employee was still logged into the web app and mobile app and was still able to make calls and access everything as normal.

When my client saw they were still making calls and sending sms messages well over an hour after he changed their email and password, my client DELETED the user, and STILL they were logged in and making phone calls. How can this be when that user no longer exists and has no assigned phone number? I will tell you how.... GHL is now sending this fired employees out going SMS, calls, invoices as coming from my client's "default" phone number. That makes the problem even worse.

If this fired employee was malicious or vigilant, think about the damage they could do after being fired. All their conversations to customers are now originating from the company's "default" outbound number, which is the official company's registered A2P lines.

Any business that has employee turnover could never use this software and still feel confident that their brand and reputation is safeguarded from terminated employees.

I got off the live chat with GHL support and I CANNOT believe this is actually how deleted users (i.e. fired employees) are handled. This is unexpected from a software platform of this size and funding.

GHL support says "Once you are logged in session gets inactive after a while and once after the session has expired they will not be able to log back in again." I asked them what "after a while" meant and they replied "ideally in about 2 hours". This is NOT true. This fired/deleted user is STILL logged in and sending messages and making phone calls several hours after being deleted. And how about the "ideally in 2 hours" answer. Is this really the process? Is it 1995 and we're installing Windows using Floppies? Comeon man. When I fire someone, I don't want them sending messages or making phones using my companies default phone number and registered A2P number. That's dangourous.

I would of posted this as a "feature request", but this lack of administrative control and breach of security is too severe to wait for enough "votes" to make it to the upcoming release list. I feel I needed to make this known to all other business owners that when you fire or delete a user, they will and DO continue to have access to your Lead Connector app WITH the ability to send SMS messages and make live phone calls from your main default company phone number as their caller id.

GHL needs to include the ability to "boot" or "logout" or "kill the session" of a selected user and once their password was changed by an administrator they wouldn't have the ability log back in. This is ideal so that we don't have to delete the user and can instead "reassign" that users contacts to a manager or replacement employee, BUT if this isn't possible, we must be able to delete a user and that automatically "kills their session". (at least faster than several hours later as currently designed)

For sub-context, the reason my client first started by changing their email and password, instead of deleting them, was because he didn't want to lose the ability to view their previous conversations, call reporting, etc using GHL filters. Obviously, when you delete a user, you can no longer "filter" for that user to segment their activity, you can now only filter by their previously assigned phone number if they had one. Plus, if deleted all their assigned contacts would be unassigned, and again, you would not be able to, for example, "reassign" a different employee to take over that x-employees contacts/conversations, etc.