To suspend (deactivate) an identity in Ory Network, you need to change the identity's state to inactive. This can be done using the Ory SDK or API, not via the Ory Console. For example, using the Go SDK, you can patch the identity's state like this:

go _, _, err = ory.IdentityApi.     PatchIdentity(authed, identityId).     JsonPatch([]client.JsonPatch{{Op: "replace", Path: "/state", Value: "inactive"}}).Execute()

Or in JavaScript:

js await identity.patchIdentity({   id: identityId,   jsonPatch: [     {       op: "replace",       value: "inactive",       path: "/state",     },   ], })

Setting the state to inactive will prevent the identity from using self-service flows such as sign-in. If an inactive identity tries to sign in, the server will respond with a UI error. This operation is currently only available via the SDK or API, not through the Ory Console interface [Identity state](https://www.ory.sh/docs/identities/model/activate-deactivate-user-login-state), [Github Issue: Disable User](https://github.com/ory/network/issues/415).

Suspending (deactivating) an identity by setting its state to inactive does not automatically expire or revoke the identity’s existing sessions. The knowledge sources indicate that while an inactive identity cannot use self-service flows such as sign-in, there is no mention that existing sessions are immediately terminated or invalidated when the state is changed to inactive. You would need to explicitly revoke or delete the sessions using the appropriate administrative API if you want to force logout for that identity’s active sessions [Identity state](https://www.ory.sh/docs/identities/model/activate-deactivate-user-login-state), [Github Issue: Disable User](https://github.com/ory/network/issues/415). If you need to revoke all sessions for an identity, you can use the "revoke and delete identity sessions" API endpoint [Revoke and delete sessions of a user](https://www.ory.sh/docs/kratos/session-management/list-revoke-get-sessions#revoke-and-delete-sessions-of-a-user).