...

But first, you need to configure WSO2 Identity Server for user account locking and disabling. Follow the steps below to do this.

Warning

The instructions given on this page follow the recommended approach for account locking and account disabling in WSO2 Identity Server, which is to use the governance identity.mgt listener.

Prior to the WSO2 IS 5.2.0 release, account locking and account disabling were configured in a different way. If you require documentation on the old method for backward compatibility, see the WSO2 IS 5.2.0 documentation.

  1. Start the Identity Server and log in to the management console using your tenant credentials.
  2. Click Resident under Identity Providers found in the Main tab.
  3. Expand the Login Policies tab.
  4. Expand the Account Disabling tab and select the Enable Account Disabling checkbox. Click Update to save changes. 

    Tip: Disable the account disabling feature

    To disable the account disabling option, clear the Enable Account Disabling checkbox in each tenant for which you want to disable it.

    Alternatively, disable this feature for all tenants by doing the following.

    1. Open the identity-event.properties file found in the <IS_HOME>/repository/conf/identity folder. 

    2. Set the following property to false to disable account disabling. This will remove the account disabling option from all tenants.

      account.disable.handler.enable=false
  5. Next, enable account locking. Expand the Login Policies tab.
  6. Expand the Account Locking tab and select the Account Lock Enabled checkbox. Click Update to save changes. 

    Tip

    If a user is assigned the Internal/system role, the user can bypass account locking even if the user exceeds the specified number of Maximum Failed Login Attempts.

    Note

    WSO2 Identity Server has the Internal/system role configured by default, but a new user is generally not assigned the Internal/system role by default. Required roles can be assigned to a user depending on the set of permissions the user needs to have. For more information on roles and permissions, see Configuring Roles and Permissions.

    Although the Internal/system role is configured by default in WSO2 Identity Server, you can delete the role if necessary. To allow users with the Internal/system role to bypass account locking, you need to ensure that the role exists in WSO2 Identity Server.

  7. To enable account locking and disabling for other tenants, log out and repeat the steps given above from step 2 onwards. 

...

  1. Navigate to Main>Claims>List and click on 'http://wso2.org/claims'.

  2. Edit the Account Disabled claim. See Editing Claim Mapping for more information on how to do this. 

  3. Tick the checkbox Supported by Default and click Update. 
  4. Navigate to Main>Users and Roles>List>Users and click on User Profile of the user account that you want to disable. 
  5. Tick the Account Disabled checkbox and click Update.

Switch off account disabling

If you want to switch off the account disabling option, follow the steps below.

The following section provides instructions on how to disable (switch-off) the account disabling feature. You may do this if you want to prevent even administrative users from disabling accounts. 

  1. Open the identity-event.properties file found in the <IS_HOME>/repository/conf/identity folder. 

  2. Set the following property to false to disable account disabling. This will remove the account disabling option from all tenants.

      account.disable.handler.enable=false
Tip

...

To disable or enable this option tenant-wise, do the following:

  1. Start WSO2 Identity Server and log in to the management console using tenant credentials.
  2. Click List under Identity Providers and then click Resident Identity Provider.

  3. Expand Login Policies>Account Disabling and select/unselect the Enable Account Disabling checkbox accordingly. 

...

Alternatively, instead of using the management console, you can also enable/disable the user account using the setUserClaimValues() method in the RemoteUserStoreManagerService after you have configured WSO2 IS for account disabling.
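
The setUserClaimValues() call mentioned above can be built as in the following added example, which is not code from the original page or from WSO2. The SOAP namespaces, the accountDisabled claim URI, the endpoint path, the SOAPAction value and the use of HTTP Basic authentication are assumptions about a default installation and should be checked against the service WSDL.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Assumed values (not stated on this page): verify them against the WSDL.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SER = "http://service.ws.um.carbon.wso2.org"
XSD = "http://common.mgt.user.carbon.wso2.org/xsd"
DISABLED_CLAIM = "http://wso2.org/claims/identity/accountDisabled"
ENDPOINT = "https://localhost:9443/services/RemoteUserStoreManagerService"

def build_request(username, disabled, profile="default"):
    """Return the SOAP envelope (bytes) for setUserClaimValues on one user."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    call = ET.SubElement(body, f"{{{SER}}}setUserClaimValues")
    # ElementTree escapes text nodes, so a user name that contains markup
    # cannot add extra claims or elements to the request.
    ET.SubElement(call, f"{{{SER}}}userName").text = username
    claims = ET.SubElement(call, f"{{{SER}}}claims")
    ET.SubElement(claims, f"{{{XSD}}}claimURI").text = DISABLED_CLAIM
    ET.SubElement(claims, f"{{{XSD}}}value").text = "true" if disabled else "false"
    ET.SubElement(call, f"{{{SER}}}profileName").text = profile
    return ET.tostring(env, encoding="utf-8")

def build_headers(admin_user, admin_password):
    """HTTP headers for the call; the credentials travel as Basic auth over TLS."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    return {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": "urn:setUserClaimValues",  # assumed action name
        "Authorization": f"Basic {token}",
    }

def send(username, disabled, admin_user, admin_password, endpoint=ENDPOINT):
    """POST the request; certificate verification stays on (urllib default)."""
    req = urllib.request.Request(endpoint, data=build_request(username, disabled),
                                 headers=build_headers(admin_user, admin_password))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed sample user name; prints the envelope without sending it.
    print(build_request("alice", True).decode())
```

The account used for the call needs permission to manage users, so its credentials should come from a secret store rather than from the script.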

Sending email notifications for account disabling

...