Skip to content

Configuring Account Disabling

WSO2 Identity Server enables the privileged users to disable user accounts for longer durations. These disabled user accounts can only be unlocked by privileged users.

Scenario

Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Sam is an administrator at Pickup. Alex is an employee who had served Pickup for 7 years and is entitled for sabbatical leave. As Alex is going on sabbatical leave for 2 years, Sam wants to disable Alex's account.

Let's learn how Sam can disable Alex's user account!

Set up

Follow the steps below to configure account disabling in WSO2 Identity Server.

  1. Open the deployment.toml file in the <IS_HOME>/repository/conf directory and check whether the following listener configs are in place.

    [event.default_listener.identity_mgt]
    priority= "50"
    enable = false
    [event.default_listener.governance_identity_mgt]
    priority= "95"
    enable = true
  2. Restart WSO2 Identity Server.

  3. To configure the account locking requirements:

    1. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.

      Resident menu-item

    2. Under the Login Policies section, click Account Disabling.

      Account Disabling Option

    3. Select the Enable Account Disabling check box.

      Account Disabling form

    4. Click Update.

  4. To enable the account disabling claim:

    1. On the Main menu of the Management Console, click Identity > Claims > List.

      Claims List option

    2. Click http://wso2.org/claims.

      WSO2 claim dialect

    3. Under Account Disabled, click Edit.

      Account Disabled claim edit option

    4. Select Supported by Default.

      Account Disabled claim's Suppported by Default option

    5. Click Update.

Try out

  1. To create the user account for Alex:

    1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.

      Add Users and Roles menu-item

    2. Click Add New User.

      Add New User option

    3. Enter the required data as follows.

      Add New User screen

      • Domain: Primary
      • Username: Alex
    4. Click Finish.

  2. To assign login permissions to the user:

    1. Click the View Roles option of Alex.

      View Roles option

    2. Click Permissions.

      Role Permissions option

    3. Select Login and click Update.

      Login permission

  3. To disable Alex's user account:

    1. Click User Profile option of Alex.

      User Profile option

    2. Enter an email address to which Alex's account disabling emails will be sent and select the User Locked check box.

      User Disabled option

    3. Click Update.

    4. An email that informs about the disabled account is sent to the given email address.

      Account Disabled email

    5. Access the WSO2 Identity Server My Account at https://localhost:9443/myaccount.

      Sign In form

    6. Try logging in with Alex's credentials. Note that an error message appears.

  4. To revoke the account disabling:

    1. Click User Profile option of Alex.

    2. Unselect the User Disabled check box.

    3. Click Update.

    4. An email that informs about the enabled account is sent to the given email address.

      Account Enabled email

    5. Trying logging in to the WSO2 Identity Server My Account with Alex's credentials. The WSO2 Identity Server My Account home screen appears.

Top