diff --git a/package-lock.json b/package-lock.json
index ec981ecf..c0b5389f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4421,9 +4421,9 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.1",
-      "resolved": "https://dfe-ssp.pkgs.visualstudio.com/_packaging/Signin-Default/npm/registry/express/-/express-4.21.1.tgz",
-      "integrity": "sha1-na5d2oMvFrTuyUGk5EqonsSBsoE=",
+      "version": "4.21.2",
+      "resolved": "https://dfe-ssp.pkgs.visualstudio.com/_packaging/Signin-Default/npm/registry/express/-/express-4.21.2.tgz",
+      "integrity": "sha1-zyUOSDYhdOrWzqSlZqvvAWLB7DI=",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
@@ -4444,7 +4444,7 @@
         "methods": "~1.1.2",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.10",
+        "path-to-regexp": "0.1.12",
         "proxy-addr": "~2.0.7",
         "qs": "6.13.0",
         "range-parser": "~1.2.1",
@@ -4459,6 +4459,10 @@
       },
       "engines": {
         "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/express-ejs-layouts": {
@@ -7907,9 +7911,9 @@
       "integrity": "sha1-+8EUtgykKzDZ2vWFjkvWi77bZzU="
     },
     "node_modules/path-to-regexp": {
-      "version": "0.1.10",
-      "resolved": "https://dfe-ssp.pkgs.visualstudio.com/_packaging/Signin-Default/npm/registry/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
-      "integrity": "sha1-Z+kQjFwFUbnlMmBkOH3kdjxNX4s="
+      "version": "0.1.12",
+      "resolved": "https://dfe-ssp.pkgs.visualstudio.com/_packaging/Signin-Default/npm/registry/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha1-1eGhLkeKl21DLvPFjVNLmSMWS7c="
     },
     "node_modules/pause": {
       "version": "0.0.1",
diff --git a/src/app/users/getBulkUserActions.js b/src/app/users/getBulkUserActions.js
new file mode 100644
index 00000000..f3c3b3ee
--- /dev/null
+++ b/src/app/users/getBulkUserActions.js
@@ -0,0 +1,11 @@
+const getBulkUserActions = (req, res) => {
+  const model = {
+    csrfToken: req.csrfToken(),
+    emails: '',
+    validationMessages: {},
+  };
+
+  res.render('users/views/bulkUserActions', model);
+};
+
+module.exports = getBulkUserActions;
diff --git a/src/app/users/getBulkUserActionsEmails.js b/src/app/users/getBulkUserActionsEmails.js
new file mode 100644
index 00000000..5b3c2704
--- /dev/null
+++ b/src/app/users/getBulkUserActionsEmails.js
@@ -0,0 +1,29 @@
+/* eslint-disable no-await-in-loop */
+/* eslint-disable no-restricted-syntax */
+const { searchForBulkUsersPage } = require('./utils');
+
+const getBulkUserActionsEmails = async (req, res) => {
+  const emails = req.session.emails;
+  if (!emails) {
+    return res.redirect('/users');
+  }
+  const users = [];
+
+  const emailsArray = emails.split(',');
+  for (const email of emailsArray) {
+    const result = await searchForBulkUsersPage(email.trim());
+    for (const user of result.users) {
+      users.push(user);
+    }
+  }
+
+  const model = {
+    csrfToken: req.csrfToken(),
+    users,
+    validationMessages: {},
+  };
+
+  res.render('users/views/bulkUserActionsEmails', model);
+};
+
+module.exports = getBulkUserActionsEmails;
diff --git a/src/app/users/index.js b/src/app/users/index.js
index 97dbf8cd..c36ad2cc 100644
--- a/src/app/users/index.js
+++ b/src/app/users/index.js
@@ -29,6 +29,10 @@ const getOrganisationPermissions = require('./getOrganisationPermissions');
 const postOrganisationPermissions = require('./postOrganisationPermissions');
 const getConfirmNewUser = require('./getConfirmNewUser');
 const postConfirmNewUser = require('./postConfirmNewUser');
+const getBulkUserActions = require('./getBulkUserActions');
+const postBulkUserActions = require('./postBulkUserActions');
+const getBulkUserActionsEmails = require('./getBulkUserActionsEmails');
+const postBulkUserActionsEmails = require('./postBulkUserActionsEmails');
 const postCancelChangeEmail = require('./postCancelChangeEmail');
 const getConfirmAssociateOrganisation = require('./getConfirmAssociateOrganisation');
 const postResendInvite = require('./postResendInvite');
@@ -39,8 +43,8 @@ const postDeleteOrganisation = require('./postDeleteOrganisation');
 const getSecureAccess = require('./getSecureAccessDetails');
 const postUpdateAuditLog = require('./postUpdateAuditLog');
 const getManageConsoleServices = require('./getManageConsoleServices');
-const postManageConsoleRoles = require('./postManageConsoleRoles')
-const { getManageConsoleRoles } = require('./getManageConsoleRoles')
+const postManageConsoleRoles = require('./postManageConsoleRoles');
+const { getManageConsoleRoles } = require('./getManageConsoleRoles');
 const { get: getAssociateServices, post: postAssociateServices } = require('./associateServices');
 const { get: getSelectOrganisation, post: postSelectOrganisation } = require('./selectOrganisation');
 const { get: getAssociateRoles, post: postAssociateRoles } = require('./associateRoles');
@@ -67,6 +71,10 @@ const users = (csrf) => {
   router.post('/organisation-permissions', csrf, asyncWrapper(postOrganisationPermissions));
   router.get('/confirm-new-user', csrf, asyncWrapper(getConfirmNewUser));
   router.post('/confirm-new-user', csrf, asyncWrapper(postConfirmNewUser));
+  router.get('/bulk-user-actions', csrf, asyncWrapper(getBulkUserActions));
+  router.post('/bulk-user-actions', csrf, asyncWrapper(postBulkUserActions));
+  router.get('/bulk-user-actions/emails', csrf, asyncWrapper(getBulkUserActionsEmails));
+  router.post('/bulk-user-actions/emails', csrf, asyncWrapper(postBulkUserActionsEmails));
 
   router.get('/:uid', asyncWrapper((req, res) => {
     res.redirect(`/users/${req.params.uid}/organisations`);
diff --git a/src/app/users/postBulkUserActions.js b/src/app/users/postBulkUserActions.js
new file mode 100644
index 00000000..51336b12
--- /dev/null
+++ b/src/app/users/postBulkUserActions.js
@@ -0,0 +1,47 @@
+/* eslint-disable no-restricted-syntax */
+const { emailPolicy } = require('login.dfe.validation');
+const { sendResult } = require('../../infrastructure/utils');
+
+const validateInput = async (req) => {
+  const model = {
+    emails: req.body.emails || '',
+    validationMessages: {},
+  };
+
+  if (!model.emails) {
+    model.validationMessages.emails = 'Please enter an email address';
+    return model;
+  }
+
+  // Removes any newline characters
+  model.emails = model.emails.replace('
', '');
+  model.emails = model.emails.replace('
', '');
+
+  // Trim whitespace around each email provided and remove duplicates
+  const trimmedEmails = model.emails.split(',').map((email) => email.trim());
+  const deduplicatedEmails = [...new Set(trimmedEmails)];
+
+  for (const email of deduplicatedEmails) {
+    if (!emailPolicy.doesEmailMeetPolicy(email)) {
+      model.validationMessages.emails = `Please enter a valid email address for ${email}`;
+    }
+  }
+
+  // Reglue array together back into a comma separated string
+  model.emails = deduplicatedEmails.join();
+
+  return model;
+};
+
+const postBulkUserActions = async (req, res) => {
+  const model = await validateInput(req);
+  if (Object.keys(model.validationMessages).length > 0) {
+    model.csrfToken = req.csrfToken();
+    return sendResult(req, res, 'users/views/bulkUserActions', model);
+  }
+
+  req.session.emails = model.emails;
+  return res.redirect('bulk-user-actions/emails');
+};
+
+module.exports = postBulkUserActions;
diff --git a/src/app/users/postBulkUserActionsEmails.js b/src/app/users/postBulkUserActionsEmails.js
new file mode 100644
index 00000000..4c098ac2
--- /dev/null
+++ b/src/app/users/postBulkUserActionsEmails.js
@@ -0,0 +1,123 @@
+/* eslint-disable no-await-in-loop */
+/* eslint-disable no-restricted-syntax */
+const { sendResult } = require('../../infrastructure/utils');
+const { deactivate, deactivateInvite } = require('../../infrastructure/directories');
+const {
+  getUserDetailsById,
+  updateUserDetails,
+  waitForIndexToUpdate,
+  rejectOpenOrganisationRequestsForUser,
+  rejectOpenUserServiceRequestsForUser,
+  removeAllServicesForUser,
+  removeAllServicesForInvitedUser,
+  searchForBulkUsersPage,
+} = require('./utils');
+
+const validateInput = async (req) => {
+  const model = {
+    users: [],
+    validationMessages: {},
+  };
+
+  const reqBody = req.body;
+  const res = Object.keys(reqBody).filter((v) => v.startsWith('user-'));
+  if (res.length === 0) {
+    model.validationMessages.users = 'At least 1 user needs to be ticked';
+  }
+
+  const isDeactivateTicked = reqBody['deactivate-users'] || false;
+  const isRemoveServicesAndRequestsTicked = reqBody['remove-services-and-requests'] || false;
+  if (!isDeactivateTicked && !isRemoveServicesAndRequestsTicked) {
+    model.validationMessages.actions = 'At least 1 action needs to be ticked';
+  }
+
+  return model;
+};
+
+const updateUserIndex = async (uid, correlationId) => {
+  const user = await getUserDetailsById(uid, correlationId);
+  user.status = {
+    id: 0,
+    description: 'Deactivated',
+  };
+
+  await updateUserDetails(user, correlationId);
+  await waitForIndexToUpdate(uid, (updated) => updated.status.id === 0);
+};
+
+const updateInvitedUserIndex = async (uid, correlationId) => {
+  const user = await getUserDetailsById(uid, correlationId);
+  user.status.id = -2;
+  user.status.description = 'Deactivated Invitation';
+
+  await updateUserDetails(user, correlationId);
+  await waitForIndexToUpdate(uid, (updated) => updated.status.id === -2);
+};
+
+const deactivateUser = async (req, id) => {
+  await deactivate(id, req.id);
+  await updateUserIndex(id, req.id);
+};
+
+const deactivateInvitedUser = async (req, userId) => {
+  await deactivateInvite(userId, 'Bulk user deactivation', req.id);
+  await updateInvitedUserIndex(userId, req.id);
+};
+
+const postBulkUserActionsEmails = async (req, res) => {
+  const model = await validateInput(req);
+  if (Object.keys(model.validationMessages).length > 0) {
+    model.csrfToken = req.csrfToken();
+
+    // Need to search for all the users again if there's an error.  It's a little inefficient,
+    // but realistically this page won't be generating many errors so this should be fairly infrequent.
+    const emails = req.session.emails;
+    const emailsArray = emails.split(',');
+    for (const email of emailsArray) {
+      const result = await searchForBulkUsersPage(email);
+      for (const user of result.users) {
+        model.users.push(user);
+      }
+    }
+    return sendResult(req, res, 'users/views/bulkUserActionsEmails', model);
+  }
+
+  const reqBody = req.body;
+  const isDeactivateTicked = reqBody['deactivate-users'] || false;
+  const isRemoveServicesAndRequestsTicked = reqBody['remove-services-and-requests'] || false;
+
+  // Get all the inputs and figure out which users were ticked
+  const tickedUsers = Object.keys(reqBody).filter(v => v.startsWith('user-'));
+
+  // eslint-disable-next-line no-restricted-syntax
+  for (const tickedUser of tickedUsers) {
+    // TODO add logging
+    const userId = reqBody[tickedUser];
+    if (isDeactivateTicked) {
+      if (userId.startsWith('inv-')) {
+        await deactivateInvitedUser(req, userId);
+      } else {
+        await deactivateUser(req, userId);
+      }
+    }
+
+    if (isRemoveServicesAndRequestsTicked) {
+      if (userId.startsWith('inv-')) {
+        await removeAllServicesForInvitedUser(userId, req);
+      } else {
+        await rejectOpenUserServiceRequestsForUser(userId, req);
+        await rejectOpenOrganisationRequestsForUser(userId, req);
+        await removeAllServicesForUser(userId, req);
+      }
+    }
+  }
+
+  // Clean up session value
+  req.session.emails = '';
+  const userText = tickedUsers.length > 1 ? 'users' : 'user';
+  res.flash('info', `Requested actions performed successfully on ${tickedUsers.length} ${userText}`);
+
+  return res.redirect('/users');
+};
+
+module.exports = postBulkUserActionsEmails;
diff --git a/src/app/users/postConfirmDeactivate.js b/src/app/users/postConfirmDeactivate.js
index 8c7ac5d9..0b05e338 100644
--- a/src/app/users/postConfirmDeactivate.js
+++ b/src/app/users/postConfirmDeactivate.js
@@ -20,7 +20,6 @@ const updateUserIndex = async (uid, correlationId) => {
   };
 
   await updateUserDetails(user, correlationId);
-
   await waitForIndexToUpdate(uid, (updated) => updated.status.id === 0);
 };
 
diff --git a/src/app/users/postConfirmInvitationDeactivate.js b/src/app/users/postConfirmInvitationDeactivate.js
index 5dc3b70f..59572998 100644
--- a/src/app/users/postConfirmInvitationDeactivate.js
+++ b/src/app/users/postConfirmInvitationDeactivate.js
@@ -1,10 +1,9 @@
 /* eslint-disable no-restricted-syntax */
 const logger = require('../../infrastructure/logger');
 const {
-  getUserDetails, getUserDetailsById, updateUserDetails, waitForIndexToUpdate,
+  getUserDetails, getUserDetailsById, updateUserDetails, waitForIndexToUpdate, removeAllServicesForInvitedUser,
 } = require('./utils');
 const { deactivateInvite } = require('../../infrastructure/directories');
-const { getServicesByInvitationId, removeServiceFromInvitation } = require('../../infrastructure/access');
 const { sendResult } = require('../../infrastructure/utils');
 
 const updateUserIndex = async (uid, correlationId) => {
@@ -19,8 +18,7 @@ const updateUserIndex = async (uid, correlationId) => {
 
 const postConfirmDeactivate = async (req, res) => {
   const user = await getUserDetails(req);
-  const correlationId = req.id;
-  
+
   if (req.body['select-reason'] && req.body['select-reason'] !== 'Select a reason' && req.body.reason.trim() === '') {
     req.body.reason = req.body['select-reason'];
   } else if (req.body['select-reason'] && req.body['select-reason'] !== 'Select a reason' && req.body.reason.length > 0) {
@@ -40,14 +38,7 @@ const postConfirmDeactivate = async (req, res) => {
     await deactivateInvite(user.id, req.body.reason, req.id);
     await updateUserIndex(user.id, req.id);
     if (req.body['remove-services-from-invite']) {
-      logger.info(`Attemping to remove services from invite with id: ${req.params.uid}`, { correlationId });
-      // No need to get the invitation to double check as getUserDetails does that already, if we're here then the invite definitely exists.
-      // getUserDetails parrots back the 'inv-<uuid>' as its id instead of giving us the true one without the 'inv-' prefix.
-      const invitationServiceRecords = await getServicesByInvitationId(user.id.substr(4)) || [];
-      for (const serviceRecord of invitationServiceRecords) {
-        logger.info(`Deleting invitation service record for invitationId: ${serviceRecord.invitationId}, serviceId: ${serviceRecord.serviceId} and organisationId: ${serviceRecord.organisationIdId}`, { correlationId });
-        removeServiceFromInvitation(serviceRecord.invitationId, serviceRecord.serviceId, serviceRecord.organisationId, req.id);
-      }
+      await removeAllServicesForInvitedUser(user.id, req);
     }
 
     logger.audit(`${req.user.email} (id: ${req.user.sub}) deactivated user invitation ${user.email} (id: ${user.id})`, {
diff --git a/src/app/users/utils.js b/src/app/users/utils.js
index eb8df8be..698583b2 100644
--- a/src/app/users/utils.js
+++ b/src/app/users/utils.js
@@ -10,9 +10,14 @@ const {
 } = require('./../../infrastructure/directories');
 const {
     getServicesByUserId,
-    getServicesByInvitationId
+    getServicesByInvitationId,
+    getUserServiceRequestsByUserId,
+    removeServiceFromUser,
+    removeServiceFromInvitation,
+    updateUserServiceRequest
 } = require('./../../infrastructure/access');
 const { getServiceById } = require('./../../infrastructure/applications');
+const { getPendingRequestsAssociatedWithUser, updateRequestById } = require('../../infrastructure/organisations');
 const { mapUserStatus } = require('./../../infrastructure/utils');
 const config = require('./../../infrastructure/config');
 const sortBy = require('lodash/sortBy');
@@ -193,6 +198,51 @@ const search = async (req) => {
     };
 };
 
+/**
+ * Modified user search used for the bulk user actions screen.
+ *
+ * @param email - A string representing the email that will be searched for
+ */
+const searchForBulkUsersPage = async (email) => {
+  let criteria = email.trim();
+  const userRegex = /^[^±!£$%^&*+§¡€#¢§¶•ªº«\\/<>?:;|=,~"]{1,256}$/i;
+
+  if (!criteria || criteria.length < 4) {
+    return {
+        validationMessages: {
+            criteria: 'Please enter at least 4 characters'
+        }
+    };
+  }
+  if (!userRegex.test(criteria)) {
+      return {
+          validationMessages: {
+              criteria: 'Special characters cannot be used'
+          }
+      };
+  }
+
+  if (criteria.indexOf('-') !== -1) {
+      criteria = '"' + criteria + '"';
+  }
+  const page = 1;
+  const sortBy = 'name';
+  const sortAsc = 'asc';
+  const filter = undefined;
+
+  const results = await searchForUsers(
+      criteria + '*',
+      page,
+      sortBy,
+      sortAsc,
+      filter
+  );
+
+  return {
+    users: results.users
+  };
+};
+
 const getUserDetails = async (req) => {
     return getUserDetailsById(req.params.uid, req.id);
 };
@@ -345,12 +395,70 @@ const mapRole = (roleId) => {
     return { id: 0, description: 'End user' };
 };
 
+const rejectOpenUserServiceRequestsForUser = async (userId, req) => {
+  const correlationId = req.id;
+  const userServiceRequests = await getUserServiceRequestsByUserId(userId) || [];
+  for (const serviceRequest of userServiceRequests) {
+    // Request status 0 is 'pending', 2 is 'overdue', 3 is 'no approvers'
+    if (serviceRequest.status === 0 || serviceRequest.status === 2 || serviceRequest.status === 3) {
+      logger.info(`Rejecting service request with id: ${serviceRequest.id}`, { correlationId });
+      const requestBody = {
+        status: -1,
+        actioned_reason: 'User deactivation',
+        actioned_by: req.user.sub,
+        actioned_at: new Date(),
+      };
+      updateUserServiceRequest(serviceRequest.id, requestBody, req.id);
+    }
+  }
+}
+
+const rejectOpenOrganisationRequestsForUser = async (userId, req) => {
+  const correlationId = req.id;
+  const organisationRequests = await getPendingRequestsAssociatedWithUser(userId) || [];
+  for (const organisationRequest of organisationRequests) {
+    // Request status 0 is 'pending', 2 is 'overdue' and 3 is 'no approvers'
+    if (organisationRequest.status.id === 0 || organisationRequest.status.id === 2 || organisationRequest.status.id === 3) {
+      logger.info(`Rejecting organisation request with id: ${organisationRequest.id}`, { correlationId });
+      const status = -1;
+      const actionedReason = 'User deactivation';
+      const actionedBy = req.user.sub;
+      const actionedAt = new Date();
+      updateRequestById(organisationRequest.id, status, actionedBy, actionedReason, actionedAt, req.id);
+    }
+  }
+}
+
+const removeAllServicesForUser = async (userId, req) => {
+  const correlationId = req.id;
+  const userServices = await getServicesByUserId(userId) || [];
+  for (const service of userServices) {
+    logger.info(`Removing service from user: ${service.userId} with serviceId: ${service.serviceId} and organisationId: ${service.organisationId}`, { correlationId });
+    removeServiceFromUser(service.userId, service.serviceId, service.organisationId, req.id);
+  }
+}
+
+const removeAllServicesForInvitedUser = async (userId, req) => {
+  const correlationId = req.id;
+  logger.info(`Attemping to remove services from invite with id: ${userId}`, { correlationId });
+  const invitationServiceRecords = await getServicesByInvitationId(userId.substr(4)) || [];
+  for (const serviceRecord of invitationServiceRecords) {
+    logger.info(`Deleting invitation service record for invitationId: ${serviceRecord.invitationId}, serviceId: ${serviceRecord.serviceId} and organisationId: ${serviceRecord.organisationIdId}`, { correlationId });
+    removeServiceFromInvitation(serviceRecord.invitationId, serviceRecord.serviceId, serviceRecord.organisationId, correlationId);
+  }
+}
+
 module.exports = {
     search,
+    searchForBulkUsersPage,
     getUserDetails,
     getUserDetailsById,
     updateUserDetails,
     waitForIndexToUpdate,
     getAllServicesForUserInOrg,
-    mapRole
+    mapRole,
+    rejectOpenUserServiceRequestsForUser,
+    rejectOpenOrganisationRequestsForUser,
+    removeAllServicesForUser,
+    removeAllServicesForInvitedUser,
 };
diff --git a/src/app/users/views/bulkUserActions.ejs b/src/app/users/views/bulkUserActions.ejs
new file mode 100644
index 00000000..788c1fc1
--- /dev/null
+++ b/src/app/users/views/bulkUserActions.ejs
@@ -0,0 +1,35 @@
+<a href="../" class="link-back">Back</a>
+<div class="row">
+    <div class="col-8">
+        <h1 class="heading-xlarge">
+            Bulk user actions
+        </h1>
+        <p class="lede">Add all the emails you wish to work on in the text box, each separted by a comma</p>
+    </div>
+</div>
+<div class="row">
+    <div class="col-12">
+        <form method="post" id="form-new-user">
+            <input type="hidden" name="_csrf" value="<%= csrfToken %>"/>
+            <fieldset>
+                <legend class="vh">Emails</legend>
+                <div class="form-group <%= (locals.validationMessages.emails !== undefined) ? 'form-group-error' : '' %>">
+                    <% if (locals.validationMessages.emails !== undefined) { %>
+                    <p class="error-message" id="validation-emails"><%= locals.validationMessages.emails %></p>
+                    <% } %>
+                    <textarea class="form-control full-width form-group" rows="6" id="emails" name="emails"  placeholder="Input emails separated by a comma"
+                            <% if (locals.validationMessages.emails !== undefined) { %>
+                           aria-invalid="true" aria-describedby="validation-reason"
+                            <% } %>
+                           value="<%= locals.emails %>"></textarea>
+                </div>
+            </fieldset>
+
+            <div class="form-submit submit-buttons">
+                <button type="submit" class="button">Continue</button>
+            </div>
+
+        </form>
+    </div>
+</div>
+
diff --git a/src/app/users/views/bulkUserActionsEmails.ejs b/src/app/users/views/bulkUserActionsEmails.ejs
new file mode 100644
index 00000000..5fc0fdc9
--- /dev/null
+++ b/src/app/users/views/bulkUserActionsEmails.ejs
@@ -0,0 +1,71 @@
+<a href="../" class="link-back">Back</a>
+<div class="row">
+    <div class="col-8">
+        <h1 class="heading-xlarge">
+            Bulk user actions
+        </h1>
+        <p class="lede">Select all the users you want to affect</p>
+    </div>
+</div>
+<div class="row">
+    <div class="col-12">
+        <form method="post" id="form-new-user">
+            <input type="hidden" name="_csrf" value="<%= csrfToken %>"/>
+
+            <div class="col-12 %>">
+                <table class="data">
+                    <thead>
+                    <%
+                    let baseSortUri = ``;
+                    %>
+                    <tr>
+                        <th scope="col" class="cwp-15">Name</th>
+                        <th scope="col" class="cwp-35">Email</th>
+                        <th scope="col" class="cwp-25">Organisation</th>
+                        <th scope="col" class="cwp-15">Last Login</th>
+                        <th scope="col" class="cwp-10">Status</th>
+                        <th scope="col" class="cwp-10">Selected</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <% if(locals.users.length === 0) { %>
+                    <tr>
+                        <td colspan="5"><span class="empty-state">No users found</span></td>
+                    </tr>
+                    <% } %>
+                    <% for (let i = 0; i < locals.users.length; i++) { %>
+                    <tr>
+                        <td><%= users[i].name %></td>
+                        <td><span class="breakable"><%= users[i].email %></span></td>
+                        <td>
+                            <% if(users[i].organisation) { %>
+                            <%= users[i].organisation.name %>
+                            <% }else { %>
+                            Unknown
+                            <% } %>
+                        </td>
+                        <td>
+                            <% if(locals.users[i].lastLogin) { %>
+                            <%= locals.moment(locals.users[i].lastLogin).fromNow() %>
+                            <% } else { %>
+                            Never
+                            <% } %>
+                        </td>
+                        <td><%= users[i].status.description %></td>
+                        <td><input type="checkbox" id="user-<%= users[i].id %>" name="user-<%= users[i].id %>" value="<%= users[i].id %>"></td>
+                    </tr>
+                    <% } %>
+                    </tbody>
+                </table>
+                <input type="checkbox" id="deactivate-users" name="deactivate-users" value="deactivate-users"><label for="deactivate-users">Deactivate users</label><br>
+                <input type="checkbox" id="remove-services-and-requests" name="remove-services-and-requests" value="remove-services-and-requests"><label for="remove-services-and-requests">Remove services and requests</label>
+            </div>
+
+            <div class="form-submit submit-buttons">
+                <button type="submit" class="button">Continue</button>
+            </div>
+
+        </form>
+    </div>
+</div>
+
diff --git a/src/app/users/views/search.ejs b/src/app/users/views/search.ejs
index 5c44cf12..271c5809 100644
--- a/src/app/users/views/search.ejs
+++ b/src/app/users/views/search.ejs
@@ -105,6 +105,7 @@ if (services && services.length > 0) {
             <h2 class="heading-medium">Actions</h2>
             <ul class="list">
                 <li><a href="/users/new-user">Invite user</a></li>
+                <li><a href="/users/bulk-user-actions">Bulk user actions</a></li>
                 <% if (locals.canViewRequests) { %>
                     <li><a href="/access-requests">View user requests</a></li>
                 <% } %>
diff --git a/test/app/users/getBulkUserActions.test.js b/test/app/users/getBulkUserActions.test.js
new file mode 100644
index 00000000..d61cb66d
--- /dev/null
+++ b/test/app/users/getBulkUserActions.test.js
@@ -0,0 +1,44 @@
+const getBulkUserActions = require('./../../../src/app/users/getBulkUserActions');
+
+describe('When processing a get for a bulk user action request', () => {
+  let req;
+  let res;
+
+  beforeEach(() => {
+    req = {
+      method: 'GET',
+      params: {},
+      csrfToken: () => {
+        return 'token';
+      },
+      accepts: () => {
+        return ['text/html'];
+      },
+    };
+
+    res = {
+      render: jest.fn(),
+    };
+  });
+
+  test('then it should render the userDevice view', async () => {
+    await getBulkUserActions(req, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActions');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        emails: '',
+        validationMessages: {},
+      },
+    );
+  });
+
+  test('then it should include csrf token', async () => {
+    await getBulkUserActions(req, res);
+
+    expect(res.render.mock.calls[0][1]).toMatchObject({
+      csrfToken: 'token',
+    });
+  });
+});
diff --git a/test/app/users/getBulkUserActionsEmails.test.js b/test/app/users/getBulkUserActionsEmails.test.js
new file mode 100644
index 00000000..5af19b30
--- /dev/null
+++ b/test/app/users/getBulkUserActionsEmails.test.js
@@ -0,0 +1,86 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory({}));
+jest.mock('./../../../src/app/users/utils');
+
+const { searchForBulkUsersPage } = require('../../../src/app/users/utils');
+const getBulkUserActionsEmails = require('../../../src/app/users/getBulkUserActionsEmails');
+
+describe('When processing a get for a bulk user action emails request', () => {
+  let req;
+  let res;
+
+  const userSearchResult = [{
+    id: '34080a9c-fd79-45a6-a092-4756264d5c85',
+    name: 'User One',
+    email: 'user.one@unit.test',
+    organisation: {
+      name: 'Testing school',
+    },
+    lastLogin: null,
+    status: {
+      description: 'Active',
+    },
+  }];
+
+  beforeEach(() => {
+    req = {
+      method: 'GET',
+      session: {
+        emails: 'user.one@unit.test',
+      },
+      params: {},
+      csrfToken: () => {
+        return 'token';
+      },
+      accepts: () => {
+        return ['text/html'];
+      },
+    };
+
+    res = {
+      render: jest.fn(),
+      redirect: jest.fn(),
+    };
+
+    searchForBulkUsersPage.mockReset().mockReturnValue({
+      users: userSearchResult,
+    });
+  });
+
+  it('then it should render the buildUserActionsEmails view', async () => {
+    await getBulkUserActionsEmails(req, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActionsEmails');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        users: userSearchResult,
+        validationMessages: {},
+      },
+    );
+  });
+
+  it('then it should include csrf token', async () => {
+    await getBulkUserActionsEmails(req, res);
+
+    expect(res.render.mock.calls[0][1]).toMatchObject({
+      csrfToken: 'token',
+    });
+  });
+
+  it('it should redirect back to /users if emails are not set in session', async () => {
+    req = {
+      method: 'GET',
+      params: {},
+      session: {},
+      csrfToken: () => {
+        return 'token';
+      },
+      accepts: () => {
+        return ['text/html'];
+      },
+    };
+    await getBulkUserActionsEmails(req, res);
+
+    expect(res.redirect.mock.calls[0][0]).toBe('/users');
+  });
+});
diff --git a/test/app/users/postBulkUserActions.test.js b/test/app/users/postBulkUserActions.test.js
new file mode 100644
index 00000000..439b8102
--- /dev/null
+++ b/test/app/users/postBulkUserActions.test.js
@@ -0,0 +1,91 @@
+const { getRequestMock } = require('../../utils');
+const postBulkUserActions = require('../../../src/app/users/postBulkUserActions');
+
+describe('When processing a post for the bulk user actions request', () => {
+  let req;
+  let res;
+
+  beforeEach(() => {
+    req = getRequestMock({
+      body: {
+        emails: 'test@test.com,exampleUser@example.com',
+      },
+    });
+
+    res = {
+      render: jest.fn(),
+      redirect: jest.fn(),
+      flash: jest.fn(),
+    };
+  });
+
+  it('redirects to the bulk-user-actions/email page on success', async () => {
+    await postBulkUserActions(req, res);
+
+    expect(res.redirect.mock.calls).toHaveLength(1);
+    expect(res.redirect.mock.calls[0][0]).toBe('bulk-user-actions/emails');
+    expect(req.session).toMatchObject({ emails: 'test@test.com,exampleUser@example.com' });
+  });
+
+  it('renders the page with an error when no emails are supplied', async () => {
+    const testReq = getRequestMock({
+      body: {
+        emails: '',
+      },
+    });
+    await postBulkUserActions(testReq, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActions');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        emails: '',
+        validationMessages: { emails: 'Please enter an email address' },
+      },
+    );
+  });
+
+  it('renders the page with an error when one of the emails is not a valid email', async () => {
+    const testReq = getRequestMock({
+      body: {
+        emails: 'test@test.com,example@example@blah.com',
+      },
+    });
+    await postBulkUserActions(testReq, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActions');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        emails: 'test@test.com,example@example@blah.com',
+        validationMessages: { emails: 'Please enter a valid email address for example@example@blah.com' },
+      },
+    );
+  });
+
+  it('removes newline characters and extra spaces around the emails', async () => {
+    const testReq = getRequestMock({
+      body: {
+        emails: 'test@test.com,  example@blah.com  ,&#13;&#10;thirdExample@testing.com',
+      },
+    });
+    await postBulkUserActions(testReq, res);
+
+    expect(res.redirect.mock.calls).toHaveLength(1);
+    expect(res.redirect.mock.calls[0][0]).toBe('bulk-user-actions/emails');
+    expect(testReq.session).toMatchObject({ emails: 'test@test.com,example@blah.com,thirdExample@testing.com' });
+  });
+
+  it('removes duplicate emails', async () => {
+    const testReq = getRequestMock({
+      body: {
+        emails: 'test@test.com,test@test.com,example@blah.com',
+      },
+    });
+    await postBulkUserActions(testReq, res);
+
+    expect(res.redirect.mock.calls).toHaveLength(1);
+    expect(res.redirect.mock.calls[0][0]).toBe('bulk-user-actions/emails');
+    expect(testReq.session).toMatchObject({ emails: 'test@test.com,example@blah.com' });
+  });
+});
diff --git a/test/app/users/postBulkUserActionsEmails.test.js b/test/app/users/postBulkUserActionsEmails.test.js
new file mode 100644
index 00000000..e505677d
--- /dev/null
+++ b/test/app/users/postBulkUserActionsEmails.test.js
@@ -0,0 +1,146 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory({}));
+jest.mock('./../../../src/app/users/utils');
+jest.mock('./../../../src/infrastructure/directories');
+
+const { getRequestMock } = require('../../utils');
+//const { deactivate } = require('../../../src/infrastructure/directories');
+const { getUserDetailsById, searchForBulkUsersPage } = require('../../../src/app/users/utils');
+const postBulkUserActionsEmails = require('../../../src/app/users/postBulkUserActionsEmails');
+
+describe('When processing a post for the bulk user actions emails request for users', () => {
+  let req;
+  let res;
+
+  beforeEach(() => {
+    const userSearchResult = [{
+      id: '34080a9c-fd79-45a6-a092-4756264d5c85',
+      name: 'User One',
+      email: 'user.one@unit.test',
+      organisation: {
+        name: 'Testing school',
+      },
+      lastLogin: null,
+      status: {
+        description: 'Active',
+      },
+    }];
+
+    req = getRequestMock({
+      session: {
+        emails: 'user.one@unit.test',
+      },
+      body: {
+        'deactivate-users': 'deactivate-users',
+        'remove-services-and-requests': 'remove-services-and-requests',
+        'user-34080a9c-fd79-45a6-a092-4756264d5c85': '34080a9c-fd79-45a6-a092-4756264d5c85',
+      },
+    });
+
+    res = {
+      render: jest.fn(),
+      redirect: jest.fn(),
+      flash: jest.fn(),
+    };
+
+    searchForBulkUsersPage.mockReset().mockReturnValue({
+      users: userSearchResult,
+    });
+    getUserDetailsById.mockReset().mockReturnValue(userSearchResult);
+  });
+
+  it('redirects to the /users page on success when an user and an action is ticked', async () => {
+    await postBulkUserActionsEmails(req, res);
+
+    expect(res.redirect.mock.calls).toHaveLength(1);
+    expect(res.redirect.mock.calls[0][0]).toBe('/users');
+    expect(req.session.emails).toBe('');
+  });
+
+  it('renders the page with an error when no users are ticked', async () => {
+    req = getRequestMock({
+      session: {
+        emails: 'user.one@unit.test',
+      },
+      body: {
+        'deactivate-users': 'deactivate-users',
+      },
+    });
+    await postBulkUserActionsEmails(req, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActionsEmails');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        validationMessages: { users: 'At least 1 user needs to be ticked' },
+      },
+    );
+  });
+
+  it('renders the page with an error when no actions are ticked', async () => {
+    req = getRequestMock({
+      session: {
+        emails: 'user.one@unit.test',
+      },
+      body: {
+        'user-abc-123': 'abc-123',
+      },
+    });
+    await postBulkUserActionsEmails(req, res);
+
+    expect(res.render.mock.calls[0][0]).toBe('users/views/bulkUserActionsEmails');
+    expect(res.render.mock.calls[0][1]).toMatchObject(
+      {
+        csrfToken: 'token',
+        validationMessages: { actions: 'At least 1 action needs to be ticked' },
+      },
+    );
+  });
+});
+
+describe('When processing a post for the bulk user actions emails request for invited users', () => {
+  let req;
+  let res;
+
+  beforeEach(() => {
+    const userSearchResult = [{
+      id: 'inv-9a44a8f1-572d-47dd-b12b-415d2f5aaa63',
+      name: 'User One',
+      email: 'user.one@unit.test',
+      organisation: {
+        name: 'Testing school',
+      },
+      lastLogin: null,
+      status: {
+        description: 'Invited',
+      },
+    }];
+
+    req = getRequestMock({
+      session: {
+        emails: 'user.one@unit.test',
+      },
+      body: {
+        'deactivate-users': 'deactivate-users',
+        'remove-services-and-requests': 'remove-services-and-requests',
+        'user-inv-9a44a8f1-572d-47dd-b12b-415d2f5aaa63': 'inv-9a44a8f1-572d-47dd-b12b-415d2f5aaa63',
+      },
+    });
+
+    res = {
+      render: jest.fn(),
+      redirect: jest.fn(),
+      flash: jest.fn(),
+    };
+
+    searchForBulkUsersPage.mockReset().mockReturnValue(userSearchResult);
+    getUserDetailsById.mockReset().mockReturnValue({ id: 'inv-34080a9c-fd79-45a6-a092-4756264d5c85', status: { id: -1 } });
+  });
+
+  it('redirects to the /users page on success when an invited user is ticked', async () => {
+    await postBulkUserActionsEmails(req, res);
+
+    expect(res.redirect.mock.calls).toHaveLength(1);
+    expect(res.redirect.mock.calls[0][0]).toBe('/users');
+    expect(req.session.emails).toBe('');
+  });
+});
diff --git a/test/app/users/postConfirmInvitationDeactivate.test.js b/test/app/users/postConfirmInvitationDeactivate.test.js
index f321e53a..a8f7b7b5 100644
--- a/test/app/users/postConfirmInvitationDeactivate.test.js
+++ b/test/app/users/postConfirmInvitationDeactivate.test.js
@@ -64,7 +64,7 @@ describe('When processing a post for a user invitation deactivate request', () =
     expect(deactivateInvite.mock.calls[0][1]).toBe('some selected reason for deactivation');
     expect(deactivateInvite.mock.calls[0][2]).toBe(req.id);
   });
-  
+
   test('when given a reason from the select menu and further information in the textarea, it updates the user setting status to deactivated', async () => {
     req = getRequestMock({
       body: {
diff --git a/test/app/users/utils.rejectOpenOrganisationRequestsForUser.test.js b/test/app/users/utils.rejectOpenOrganisationRequestsForUser.test.js
new file mode 100644
index 00000000..10fa65da
--- /dev/null
+++ b/test/app/users/utils.rejectOpenOrganisationRequestsForUser.test.js
@@ -0,0 +1,135 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory());
+jest.mock('./../../../src/infrastructure/organisations');
+
+const { getPendingRequestsAssociatedWithUser, updateRequestById } = require('../../../src/infrastructure/organisations');
+const { rejectOpenOrganisationRequestsForUser } = require('../../../src/app/users/utils');
+
+describe('When removing all services for a user', () => {
+  const userId = 'user-1';
+  let req;
+
+  beforeEach(() => {
+    getPendingRequestsAssociatedWithUser.mockReset().mockReturnValue([{
+      id: 'requestId',
+      org_id: 'org1',
+      org_name: 'org name',
+      urn: null,
+      ukprn: null,
+      uid: null,
+      org_status: {
+        id: 1,
+        name: 'Open',
+      },
+      user_id: 'user 1',
+      created_at: '12/12/2019',
+      status: {
+        id: 0,
+        name: 'pending',
+      },
+    }]);
+    // Returns 204 on success
+    updateRequestById.mockReset().mockReturnValue(undefined);
+
+    req = {
+      id: 'correlation-id',
+      user: {
+        sub: 'suser1',
+        email: 'super.user@unit.test',
+      },
+    };
+  });
+
+  it('then it should get user from users index', async () => {
+    await rejectOpenOrganisationRequestsForUser(userId, req);
+
+    expect(getPendingRequestsAssociatedWithUser.mock.calls).toHaveLength(1);
+    expect(getPendingRequestsAssociatedWithUser.mock.calls[0][0]).toBe('user-1');
+    expect(updateRequestById.mock.calls).toHaveLength(1);
+  });
+
+  it('should continue to work when getPendingRequestsAssociatedWithUser returns null on a 404 or 401', async () => {
+    getPendingRequestsAssociatedWithUser.mockReset().mockReturnValue(null);
+    await rejectOpenOrganisationRequestsForUser(userId, req);
+    expect(updateRequestById.mock.calls).toMatchObject([]);
+  });
+
+  it('should call updateRequestById when the returned request has a status of 0, 2 or 3', async () => {
+    getPendingRequestsAssociatedWithUser.mockReset().mockReturnValue([{
+      id: '0b62b8da-2a6e-4c66-9f32-a7b784ff4f65',
+      org_id: 'org1',
+      org_name: 'org name',
+      urn: null,
+      ukprn: null,
+      uid: null,
+      org_status: {
+        id: 1,
+        name: 'Open',
+      },
+      user_id: 'user 1',
+      created_at: '12/12/2019',
+      status: {
+        id: 0,
+        name: 'pending',
+      },
+    },
+    {
+      id: '42e765df-d1ce-4bc1-843c-71d5f69ad2ed',
+      org_id: 'org1',
+      org_name: 'org name',
+      urn: null,
+      ukprn: null,
+      uid: null,
+      org_status: {
+        id: 1,
+        name: 'Open',
+      },
+      user_id: 'user 1',
+      created_at: '12/12/2019',
+      status: {
+        id: 2,
+        name: 'overdue',
+      },
+    },
+    {
+      id: '2fc17d50-d641-4175-895e-e7bbba65c25e',
+      org_id: 'org1',
+      org_name: 'org name',
+      urn: null,
+      ukprn: null,
+      uid: null,
+      org_status: {
+        id: 1,
+        name: 'Open',
+      },
+      user_id: 'user 1',
+      created_at: '12/12/2019',
+      status: {
+        id: 3,
+        name: 'No approver',
+      },
+    },
+    {
+      id: 'ed383257-2091-41ed-8422-5c59deb19b02',
+      org_id: 'org1',
+      org_name: 'org name',
+      urn: null,
+      ukprn: null,
+      uid: null,
+      org_status: {
+        id: 1,
+        name: 'Open',
+      },
+      user_id: 'user 1',
+      created_at: '12/12/2019',
+      status: {
+        id: -1,
+        name: 'rejected',
+      },
+    }]);
+    await rejectOpenOrganisationRequestsForUser(userId, req);
+    expect(updateRequestById.mock.calls).toHaveLength(3);
+    expect(updateRequestById.mock.calls[0][0]).toEqual('0b62b8da-2a6e-4c66-9f32-a7b784ff4f65');
+    expect(updateRequestById.mock.calls[1][0]).toEqual('42e765df-d1ce-4bc1-843c-71d5f69ad2ed');
+    expect(updateRequestById.mock.calls[2][0]).toEqual('2fc17d50-d641-4175-895e-e7bbba65c25e');
+  });
+});
diff --git a/test/app/users/utils.rejectOpenUserServiceRequestsForUser.test.js b/test/app/users/utils.rejectOpenUserServiceRequestsForUser.test.js
new file mode 100644
index 00000000..f707f0ec
--- /dev/null
+++ b/test/app/users/utils.rejectOpenUserServiceRequestsForUser.test.js
@@ -0,0 +1,98 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory());
+jest.mock('./../../../src/infrastructure/access');
+
+const { getUserServiceRequestsByUserId, updateUserServiceRequest } = require('../../../src/infrastructure/access');
+const { rejectOpenUserServiceRequestsForUser } = require('../../../src/app/users/utils');
+
+describe('When rejecting all open service requests for a user', () => {
+  const userId = 'user-1';
+  let req;
+
+  beforeEach(() => {
+    getUserServiceRequestsByUserId.mockReset().mockReturnValue([{
+      id: '88a1ed39-5a98-43da-b66e-78e564ea72b0',
+      userId: '01A52B72-AE88-47BC-800B-E7DFFCE54344',
+      serviceId: '7B7E2D82-1228-4547-907C-40A2A35D0704',
+      organisationId: '11BE2E1F-4227-4FDE-81D9-14B1E3322D48',
+      status: 2,
+      createdAt: '2024-06-04T09:47:36.718Z',
+      updatedAt: '2024-06-09T00:00:00.173Z',
+      requestType: 'service',
+    }]);
+
+    req = {
+      id: 'correlation-id',
+      user: {
+        sub: 'suser1',
+        email: 'super.user@unit.test',
+      },
+    };
+  });
+
+  it('should remove one if one is returned by getUserServiceRequestsByUserId', async () => {
+    await rejectOpenUserServiceRequestsForUser(userId, req);
+
+    expect(getUserServiceRequestsByUserId.mock.calls).toHaveLength(1);
+    expect(getUserServiceRequestsByUserId.mock.calls[0][0]).toBe('user-1');
+    expect(updateUserServiceRequest.mock.calls).toHaveLength(1);
+    expect(updateUserServiceRequest.mock.calls[0][0]).toBe('88a1ed39-5a98-43da-b66e-78e564ea72b0');
+  });
+
+  it('should continue to work when getUserServiceRequestsByUserId returns undefined on a 404', async () => {
+    getUserServiceRequestsByUserId.mockReset().mockReturnValue(undefined);
+    await rejectOpenUserServiceRequestsForUser(userId, req);
+
+    expect(getUserServiceRequestsByUserId.mock.calls).toHaveLength(1);
+    expect(getUserServiceRequestsByUserId.mock.calls[0][0]).toBe('user-1');
+    expect(updateUserServiceRequest.mock.calls).toHaveLength(0);
+  });
+
+  it('should call updateUserServiceRequest when the returned request has a status of 0, 2 or 3 only', async () => {
+    getUserServiceRequestsByUserId.mockReset().mockReturnValue([{
+      id: '88a1ed39-5a98-43da-b66e-78e564ea72b0',
+      userId: '01A52B72-AE88-47BC-800B-E7DFFCE54344',
+      serviceId: '7B7E2D82-1228-4547-907C-40A2A35D0704',
+      organisationId: '11BE2E1F-4227-4FDE-81D9-14B1E3322D48',
+      status: 0,
+      createdAt: '2024-06-04T09:47:36.718Z',
+      updatedAt: '2024-06-09T00:00:00.173Z',
+      requestType: 'service',
+    },
+    {
+      id: 'dd657fbb-65b6-4b08-bab8-6d85069b59fa',
+      userId: '01A52B72-AE88-47BC-800B-E7DFFCE54344',
+      serviceId: '1dbafbb3-be86-462f-9fd2-d6681ab2873a',
+      organisationId: '11BE2E1F-4227-4FDE-81D9-14B1E3322D48',
+      status: 2,
+      createdAt: '2024-06-04T09:47:36.718Z',
+      updatedAt: '2024-06-09T00:00:00.173Z',
+      requestType: 'service',
+    },
+    {
+      id: 'e3a843d1-0866-4e9f-904f-391bfb769c2d',
+      userId: '01A52B72-AE88-47BC-800B-E7DFFCE54344',
+      serviceId: '1dbafbb3-be86-462f-9fd2-d6681ab2873a',
+      organisationId: '11BE2E1F-4227-4FDE-81D9-14B1E3322D48',
+      status: 3,
+      createdAt: '2024-06-04T09:47:36.718Z',
+      updatedAt: '2024-06-09T00:00:00.173Z',
+      requestType: 'service',
+    },
+    {
+      id: '2adfac19-d682-4940-8b2f-0b82747e0daa',
+      userId: '01A52B72-AE88-47BC-800B-E7DFFCE54344',
+      serviceId: '91207517-8429-4388-9961-473df046d09e',
+      organisationId: '11BE2E1F-4227-4FDE-81D9-14B1E3322D48',
+      status: -1,
+      createdAt: '2024-06-04T09:47:36.718Z',
+      updatedAt: '2024-06-09T00:00:00.173Z',
+      requestType: 'service',
+    }]);
+    await rejectOpenUserServiceRequestsForUser(userId, req);
+
+    expect(updateUserServiceRequest.mock.calls).toHaveLength(3);
+    expect(updateUserServiceRequest.mock.calls[0][0]).toEqual('88a1ed39-5a98-43da-b66e-78e564ea72b0');
+    expect(updateUserServiceRequest.mock.calls[1][0]).toEqual('dd657fbb-65b6-4b08-bab8-6d85069b59fa');
+    expect(updateUserServiceRequest.mock.calls[2][0]).toEqual('e3a843d1-0866-4e9f-904f-391bfb769c2d');
+  });
+});
diff --git a/test/app/users/utils.removeAllServicesForInvitedUser.test.js b/test/app/users/utils.removeAllServicesForInvitedUser.test.js
new file mode 100644
index 00000000..4eae3e47
--- /dev/null
+++ b/test/app/users/utils.removeAllServicesForInvitedUser.test.js
@@ -0,0 +1,44 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory());
+jest.mock('./../../../src/infrastructure/access');
+
+const { getServicesByInvitationId, removeServiceFromInvitation } = require('../../../src/infrastructure/access');
+const { removeAllServicesForInvitedUser } = require('../../../src/app/users/utils');
+
+describe('When getting user details', () => {
+  const userId = 'inv-user-id';
+  let req;
+
+  beforeEach(() => {
+    getServicesByInvitationId.mockReset().mockReturnValue([{
+      userId: 'inv-user-id',
+      invitationId: 'invitation-id',
+      serviceId: 'service-id',
+      organisationId: 'organisation-id',
+      roles: ['role1'],
+      identifiers: [{ key: 'some', value: 'thing' }],
+    }]);
+    // Returns 204 on success
+    removeServiceFromInvitation.mockReset().mockReturnValue(undefined);
+
+    req = {
+      id: 'correlation-id',
+    };
+  });
+
+  it('then it should get user from users index', async () => {
+    await removeAllServicesForInvitedUser(userId, req);
+
+    expect(getServicesByInvitationId.mock.calls).toHaveLength(1);
+    expect(getServicesByInvitationId.mock.calls[0][0]).toBe('user-id');
+    expect(removeServiceFromInvitation.mock.calls).toHaveLength(1);
+  });
+
+  it('should continue to work when getServicesByInvitationId returns undefined on a 404', async () => {
+    getServicesByInvitationId.mockReset().mockReturnValue(undefined);
+    await removeAllServicesForInvitedUser(userId, req);
+
+    expect(getServicesByInvitationId.mock.calls).toHaveLength(1);
+    expect(getServicesByInvitationId.mock.calls[0][0]).toBe('user-id');
+    expect(removeServiceFromInvitation.mock.calls).toHaveLength(0);
+  });
+});
diff --git a/test/app/users/utils.removeAllServicesForUser.test.js b/test/app/users/utils.removeAllServicesForUser.test.js
new file mode 100644
index 00000000..6e6714eb
--- /dev/null
+++ b/test/app/users/utils.removeAllServicesForUser.test.js
@@ -0,0 +1,50 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory());
+jest.mock('./../../../src/infrastructure/access');
+
+const { getServicesByUserId, removeServiceFromUser } = require('../../../src/infrastructure/access');
+const { removeAllServicesForUser } = require('../../../src/app/users/utils');
+
+describe('When removing all services for a user', () => {
+  const userId = 'user-1';
+  let req;
+
+  beforeEach(() => {
+    getServicesByUserId.mockReset().mockReturnValue([
+      {
+        userId: 'user-1',
+        serviceId: 'service1Id',
+        organisationId: 'organisation-1',
+        roles: [],
+      },
+      {
+        userId: 'user-1',
+        serviceId: 'service2Id',
+        organisationId: 'organisation-1',
+        roles: [],
+      },
+    ]);
+    // Returns 204 on success
+    removeServiceFromUser.mockReset().mockReturnValue(undefined);
+
+    req = {
+      id: 'correlation-id',
+    };
+  });
+
+  it('then it should get user from users index', async () => {
+    await removeAllServicesForUser(userId, req);
+
+    expect(getServicesByUserId.mock.calls).toHaveLength(1);
+    expect(getServicesByUserId.mock.calls[0][0]).toBe('user-1');
+    expect(removeServiceFromUser.mock.calls).toHaveLength(2);
+  });
+
+  it('should continue to work when getServicesByInvitationId returns undefined on a 404', async () => {
+    getServicesByUserId.mockReset().mockReturnValue(undefined);
+    await removeAllServicesForUser(userId, req);
+
+    expect(getServicesByUserId.mock.calls).toHaveLength(1);
+    expect(getServicesByUserId.mock.calls[0][0]).toBe('user-1');
+    expect(removeServiceFromUser.mock.calls).toHaveLength(0);
+  });
+});
diff --git a/test/app/users/utils.search.test.js b/test/app/users/utils.search.test.js
index fa02b288..700a7073 100644
--- a/test/app/users/utils.search.test.js
+++ b/test/app/users/utils.search.test.js
@@ -203,6 +203,19 @@ describe('When processing a user search request', () => {
       });
     });
 
+    test('then it should not search and return validation error if criteria has special characters in it', async () => {
+      req.query.criteria = 'test!"£$%^&*@test.com';
+
+      const result = await search(req);
+
+      expect(searchForUsers).not.toHaveBeenCalled();
+      expect(result).toEqual({
+        validationMessages: {
+          criteria: 'Special characters cannot be used',
+        },
+      });
+    });
+
     test('then it should include posted criteria', async () => {
       const actual = await search(req);
 
diff --git a/test/app/users/utils.searchForBulkUsersPage.test.js b/test/app/users/utils.searchForBulkUsersPage.test.js
new file mode 100644
index 00000000..057b799a
--- /dev/null
+++ b/test/app/users/utils.searchForBulkUsersPage.test.js
@@ -0,0 +1,94 @@
+jest.mock('./../../../src/infrastructure/config', () => require('../../utils').configMockFactory());
+jest.mock('./../../../src/infrastructure/users', () => ({
+  search: jest.fn().mockReturnValue([]),
+}));
+jest.mock('./../../../src/infrastructure/search', () => ({
+  searchForUsers: jest.fn(),
+}));
+jest.mock('./../../../src/infrastructure/logger', () => require('../../utils').loggerMockFactory());
+
+const logger = require('../../../src/infrastructure/logger');
+const { searchForUsers } = require('../../../src/infrastructure/search');
+const { searchForBulkUsersPage } = require('../../../src/app/users/utils');
+
+describe('When processing a user search request', () => {
+  let usersSearchResult;
+  const email = 'test@test.com';
+
+  beforeEach(() => {
+    usersSearchResult = {
+      users: [
+        {
+          name: 'Timmy Tester',
+          email: 'timmy@tester.test',
+          organisation: {
+            name: 'Testco',
+          },
+          lastLogin: new Date(2018, 0, 11, 11, 30, 57),
+          status: {
+            description: 'Active',
+          },
+        },
+      ],
+      numberOfPages: 1,
+    };
+    searchForUsers.mockReset().mockReturnValue(usersSearchResult);
+
+    logger.audit.mockReset();
+  });
+
+  describe('and the request is a GET', () => {
+    let req;
+
+    beforeEach(() => {
+      req = {
+        method: 'GET',
+        user: {
+          sub: 'user1',
+          email: 'user.one@unit.test',
+        },
+      };
+      req.session = jest.fn().mockReturnValue({ params: { ...req.query, redirectedFromOrganisations: true } });
+    });
+
+    test('then it should include the users from the adapter using supplier criteria', async () => {
+      const actual = await searchForBulkUsersPage(email);
+
+      expect(actual).toMatchObject({
+        users: usersSearchResult.users,
+      });
+      expect(searchForUsers.mock.calls[0][0]).toBe('test@test.com*');
+    });
+
+    test('then it should not search and return validation error if criteria does not meet minimum length', async () => {
+      const emptyEmail = '';
+
+      const result = await searchForBulkUsersPage(emptyEmail);
+
+      expect(searchForUsers).not.toHaveBeenCalled();
+      expect(result).toEqual({
+        validationMessages: {
+          criteria: 'Please enter at least 4 characters',
+        },
+      });
+    });
+
+    test('then it should not search and return validation error if criteria does not meet minimum length', async () => {
+      const specialCharactersEmail = 'test!"£$%&*@test.com';
+
+      const result = await searchForBulkUsersPage(specialCharactersEmail);
+
+      expect(searchForUsers).not.toHaveBeenCalled();
+      expect(result).toEqual({
+        validationMessages: {
+          criteria: 'Special characters cannot be used',
+        },
+      });
+    });
+
+    test('then it should include posted criteria', async () => {
+      const actual = await searchForBulkUsersPage(email);
+      expect(actual).toMatchObject({ users: usersSearchResult.users });
+    });
+  });
+});