Managing Locked and Disabled Accounts
  • 09 Sep 2022
  • 1 Minute to read
  • Dark
    Light

Managing Locked and Disabled Accounts

  • Dark
    Light

 

This article version is deprecated. A Locked Account Delegation appears by default for Administrators.

Article summary

How to Manage Locked or Disabled Users Accounts

RapidIdentity Cloud user accounts can become locked when the maximum number of failed logins is exceeded and they can become disabled via an administrative or automated action.

When a user account is locked or disabled, the user is prohibited from accessing their account.

To gain visibility into which user accounts are locked or disabled and take corrective actions, a People module Delegation can be created. This delegation lists the users meeting specific criteria such as locked or disabled and provides actions to remediate, unlock or enable, them.

Follow these steps to create this delegation:

Note:

You must have administrative privilages such as Portal Administrator or Tenant Administrator to create and manage delegations

  1. Clone and modify an existing delegation by navigating to People > Settings > Delegations
    image.png

  2. Select the checkbox for the Other Profiles delegation, or any delegation of your choice, and Clone it.
    image.png

  3. Locate the newly copied delegation and click Details to configure it.

  4. Set the General tab settings to the following:

    1. Enabled: checked
    2. Name: Disabled or Locked User Accounts
    3. Description: User accounts which are disabled or locked and related actions.
    4. Preload All Results: checked
    5. Delegation Source: add or remove Appliance Roles as needed
    6. Delegation Target: (&(objectClass=idautoPerson)(|(pwdAccountLockedTime=*)(idautoDisabled=TRUE)))
  5. Click the Attributes button to edit attribute settings and display two relevant items:

    1. Locate and edit these attributes to Show In List:
      1. Account Disabled
      2. Account Locked
      3. Click Update button to apply the changes
    Note:

    Feel free to add, remove or change other attributes as desired

    image.png

  6. Set the Actions tab to include the following actions: (other actions are optional)

    1. Change Password
    2. Enable
    3. Unlock
  7. Save the changes to the Delegation

Follow these steps to use the new newly created delegation:

  1. Locate the Delegation in the sidebar delegations list and select it.

    Note:

    Users which are either locked and disabled will be listed with their status in the respective columns.

  2. Check the box for the user(s) you want to take action on.

  3. Click the appropriate action for the user account.
    image.png

Note:

If only locked user accounts are of interest in the delegation:

  • Use this Delegation Target value instead: (&(objectClass=idautoPerson)(pwdAccountLockedTime=*))

  • Do not Show In List the Account Disabled attribute


Was this article helpful?

What's Next
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence