Account locking is a security feature in Identity Server that prevents users from logging in to their account and from authenticating themselves using their IS account. A user account can be locked in one of the following ways:
...
- Start the IS server if you have not already and log in to the management console using admin credentials.
- Navigate to Claims>List on the Configure menu and select the http://wso2.org/claims claim dialect. For more information about claims, see Claim Management.
- Select the Account Locked claim and click Edit.
- Select the "Supported by Default" checkbox and click Update. This is done to make the "Account Locked" status appear in the user's profile.
- Navigate to Users and Roles>List>Users on the Main menu and click on User Profile of the user you want to lock.
- If it is the first time this particular account is being locked, a textbox will appear in front of the Account Locked field as seen below. To lock the account, type true in the textbox and click Update.
...
| Note |
|---|
If it is not the first time you are locking this user account, there will be a checkbox instead of the textbox shown above in front of the Account Locked field. Select the checkbox to lock the account or unselect it to unlock the account and click Update. |
...
Using the AdminService
An administrative user (with the permission level /permission/admin/configure/security/usermgt/users ) can lock a user account using the UserIdentityManagementAdminService . The admin service provides the lockUserAccount operation to achieve this. The following request is a sample SOAP request that can be sent to the UserIdentityManagementAdminService to lock a user account.
...