Managing User Accounts
You can manage user accounts to resolve issues such as locked accounts, lost or stolen mobile devices, and possible logon XSRF attacks.
Context
You perform actions of this kind for users when they have installed an authenticator application on their mobile devices and have set up their devices in the Mobile Device Setup user interface (UI). The authenticator is a mobile application that generates passcodes for systems that require one-time password authentication.
You can perform the following user management actions:
-
Advanced user searches
You can filter your user search by passcode length, digest algorithm used for passcode generation, user account expiration (with the Expires in field), and user account status (with the OTP Status field). If you search by OTP Status, you have the following options: Enabled (search for users with active accounts); Expired (search for users with expired accounts); Expires soon (search for users whose accounts are within the expiration warning period defined under the Settings tab); Locked (search for users whose accounts are locked); and Not Confirmed (search for users who have not yet provided the confirmation code and have not canceled the online account setup).
-
Unlocking user accounts
You can unlock user accounts if the users need the account before the automatic unlock time has passed. For more information about the additional settings, see Related Information.
-
Disabling users
You can disable user accounts, and then users are supposed to remove those accounts from their mobile devices. Users can also disable their accounts in the Mobile Device Setup UI if they have more than one registered device.
-
Removing remembered clients (persistent cookies)
If you have set this option for single-factor or two-factor authentication under the Settings tab of the One-Time Password Administration UI, you can revoke this cookie. You revoke the cookies by choosing the Unregister Clients button for the selected users.
-
Setting a new validity for user accounts
You can set a new validity period for user accounts or their secret keys (a user account is active as long as its secret key is valid). The default validity is specified under the Settings tab. For more information about the additional settings, see Related Information.