Locking or Unlocking Users

Use

Locked users are deactivated and cannot access applications. There are two ways of locking users:

Automatically

The system can lock a user automatically if the user tries to log on too many times with the wrong password. This is a password lock. Optionally the system can unlock the user automatically after a configurable amount of time elapses. These are configured with the following settings:
- Maximum Number of Failed Logon Attempts
- Auto Unlock Time
  
  Note
  
  The auto unlock function does not reset the number of failed logon attempts for a user account. This is only reset by a successful logon or by the administrator explicitly unlocking the user. After the system auto unlocks a user, the user has only one chance to log on successfully. If the user fails to log on, the system immediately locks the account again.
Explicitly

An administrator can lock a user using the procedure described below. The administrator must subsequently unlock the account for the user to regain access to the system.

The following procedure describes how an administrator explicitly locks or unlocks a user.

In the search results list, select a user.

Use the advanced search to find locked users. On the Account Information tab, choose one of the following options:
- Select the Password Locked checkbox to find users, whose accounts have been locked automatically (due to failed logon attempts).
  
  Note
  
  If you use a directory server as the data source, searching for locked passwords finds no users. You cannot search a directory server for users with locked passwords.
- Select the User Account Locked checkbox to find users, whose accounts have been locked explicitly by the administrator.
Choose the Lock or Unlock pushbutton as required.

You are prompted to write a reason for locking or unlocking the user. The system sends this text to the user, if you have enabled e-mail notification. The text is also stored in the user's account history.
Enter a text and choose the Lock or Unlock pushbutton.