Managing Locked and Disabled Accounts
  • 09 Sep 2022


This article version is deprecated. A Locked Account Delegation appears by default for Administrators.

How to Manage Locked or Disabled User Accounts

RapidIdentity Cloud user accounts can become locked when the maximum number of failed logins is exceeded, and they can become disabled via an administrative or automated action.

When a user account is locked or disabled, the user is prohibited from accessing their account.

To gain visibility into which user accounts are locked or disabled and take corrective actions, a People module Delegation can be created. This delegation lists the users meeting specific criteria, such as locked or disabled, and provides actions to remediate them (unlock or enable).

Follow these steps to create this delegation:

Note:

You must have administrative privileges such as Portal Administrator or Tenant Administrator to create and manage delegations.

  1. Clone and modify an existing delegation by navigating to People > Settings > Delegations

  2. Select the checkbox for the Other Profiles delegation, or any delegation of your choice, and Clone it.

  3. Locate the newly copied delegation and click Details to configure it.

  4. Set the General tab settings to the following:

    1. Enabled: checked
    2. Name: Disabled or Locked User Accounts
    3. Description: User accounts which are disabled or locked and related actions.
    4. Preload All Results: checked
    5. Delegation Source: add or remove Appliance Roles as needed
    6. Delegation Target: (&(objectClass=idautoPerson)(|(pwdAccountLockedTime=*)(idautoDisabled=TRUE)))
  5. Click the Attributes button to edit attribute settings and display two relevant items:

    1. Locate and edit these attributes to Show In List:
      1. Account Disabled
      2. Account Locked
      3. Click the Update button to apply the changes
    Note:

    Feel free to add, remove, or change other attributes as desired.


  6. Set the Actions tab to include the following actions: (other actions are optional)

    1. Change Password
    2. Enable
    3. Unlock
  7. Save the changes to the Delegation

Follow these steps to use the newly created delegation:

  1. Locate the Delegation in the sidebar delegations list and select it.

    Note:

    Users who are either locked or disabled will be listed with their status in the respective columns.

  2. Check the box for the user(s) you want to take action on.

  3. Click the appropriate action for the user account.

Note:

If only locked user accounts are of interest in the delegation:

  • Use this Delegation Target value instead: (&(objectClass=idautoPerson)(pwdAccountLockedTime=*))

  • Do not Show In List the Account Disabled attribute
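
To check which accounts each Delegation Target value selects before saving it, the following added example (not RapidIdentity code) evaluates both filters from this article against sample entries. The entries, the helper names parse, matches and select, and the case-insensitive value comparison are assumptions made for illustration.

```python
# Added example: evaluates the two Delegation Target filters from this article.
# Supports only what they use: & (AND), | (OR), presence (attr=*), equality.
LOCKED_OR_DISABLED = "(&(objectClass=idautoPerson)(|(pwdAccountLockedTime=*)(idautoDisabled=TRUE)))"
LOCKED_ONLY = "(&(objectClass=idautoPerson)(pwdAccountLockedTime=*))"

# Constructed sample entries (not real directory data); attribute names lowercased.
ENTRIES = {
    "alice": {"objectclass": ["idautoPerson"]},
    "bob": {"objectclass": ["idautoPerson"], "pwdaccountlockedtime": ["20220909120000Z"]},
    "carol": {"objectclass": ["idautoPerson"], "idautodisabled": ["TRUE"]},
    "dave": {"objectclass": ["idautoPerson"], "idautodisabled": ["FALSE"]},
    "erin": {"objectclass": ["idautoPerson"], "pwdaccountlockedtime": ["20220909130000Z"],
             "idautodisabled": ["TRUE"]},
    "printer": {"objectclass": ["device"], "idautodisabled": ["TRUE"]},
}

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """True if the entry satisfies the parsed filter node."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                      # presence test: attribute has any value
        return bool(values)
    return any(v.lower() == value.lower() for v in values)  # assumed case-insensitive

def select(filter_text, entries):
    """Return the names of the entries the filter would list."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [name for name, entry in entries.items() if matches(node, entry)]
```

An account with idautoDisabled set to FALSE and an entry that is not an idautoPerson are both excluded, and the locked-only filter drops accounts that are disabled but not locked.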

