How is that possible? I know we can delete sessions but that doesn’t prevent the user from logging right back in. I don’t want to have to reset everyone’s pw. We could come up with a customization, I suppose, but I find it hard to believe Epicor doesn’t address this?
Erin
Go into the Admin Console and Stop Application Pool.
Edit: Ah, your profile says SaaS, so you can’t access the Admin Console. I’m finding that to be one of the major pain points of cloud. In the top five, anyway. 
Yeah, we’re in the cloud now, so I’ve lost access and control to a lot of things. 
Can SaaS even do a data regen?
If you make an account inactive, can you later make it active without having to reset pw’s?
If so and SaaS allows DMT, you could have a DMT import that inactivates all accounts (EXCEPT YOURS!), and another that reactivates them.
When I was in SaaS, we did exactly what @ckrusen suggested. I had a BAQ that copied all ACTIVE users to a DMT format to set Active to False (or Inactive to True). Save this file! We ran the DMT for everyone except System Managers. We did the work (usually upgrade weekend). Then we copied the original file and reversed the flag to re-enable the previous active users. Updating via DMT does NOT force a password reset.
I would recommend using Azure Active Directory for passwords for SaaS users. It gives you far more control than basic auth (username/password). Actually, I would do it for on-prem as well if you’re adopting a zero trust program or when you start using the Kinetic browser apps.
Good idea Mark.
Thanks for your replies. We were discussing that option yesterday, actually, but we thought it would force a pw reset so we didn’t try it. That is excellent that it will not. Thanks, @Mark_Wonsil for that important bit of info. You guys are so helpful. 
Happy Saturday!