How to lock an account

Version

8.4

Question

Hello everyone, I want to know how I can lock the account in a simple way.

I tried to find it in the UI, but I didn't find it. Maybe I can do it with a custom rule, or do it via the object in the debug page?

Thank you!

@fewthiraphat
Can you be more specific? Do you mean locking an identity against any further updates, or what exactly are you looking for here?

Hi @iamksatish, I want to aggregate a delimited file into IIQ, and then I want to lock some accounts so that the users cannot log in. I want to test Self Service to unlock the account, for a POC.

Hi @fewthiraphat

So, your delimited file is your authoritative source application and the targeted/connected application is Active Directory, am I correct?

Lock what: the AD account, or lock the user from logging in to IIQ?

Hi @pattabhi, you are correct, my delimited file is the authoritative source, but I do not have a target application. I just want to make the accounts that are created from that delimited file unable to log in to IIQ.

Hi @iamksatish, I want to lock users so they cannot log in to IIQ.


Hi all, how about I create a new identity with LCM, set the password, and test it without using the authoritative delimited file?

But I still don't know how to lock the account/identity.

@fewthiraphat
If your intent is not to log in to IIQ and you are not using any SSO solution, reset the user with a randomly generated password using IIQ APIs. This will allow user from logging, because if you lock the object this can cause other issues on the identity, like refresh and other operations being impacted.


Hi @fewthiraphat

I have tested it on IIQ 7.1p2; it should work the same way in IIQ 8.4 as well. Please go ahead and test from your end whether this is what you are looking for.

I set the Identity Attribute inactive to Temporary.

Now I choose an identity, Joe.Myers, and reset the password; just observe that this time Inactive is not set.

Now I am able to log in to IIQ with identity Joe.Mayers, as shown below.

Now I edit the identity Joe.Mayers and set the Inactive flag, as shown below.

After the Inactive flag is set, when I try to log in with identity Joe.Mayers, it does not allow it.


Thank you @pattabhi. By the way, do you know how I can use self service to unlock the account?

You can lock the account by enabling the identity attribute as below:
lock="1" will appear in the identity XML under the debug page.

This attribute will be set in the Identity profile by IIQLock. After updating this attribute to a true value, the user will not be able to log in to SailPoint IIQ.


Hello @tsandeepsTmob, I think this is what I want, thank you for your help :smiley:

Hello @pattabhi, thank you for your knowledge, but I think it still does not match my requirement. But this is a good answer; maybe it will match for the readers of this topic in the future :smiley:


Hi @fewthiraphat

Thanks for the comment/update. @tsandeepsTmob provided the accurate solution for your requirement; it is working fine.

  • lock
<Identity lock="1" created="XXXX" id="XXXXXXXX" name="X1001005" password="xyxyxy" >
  • unlock: just delete the entire lock flag.
<Identity created="XXXX" id="XXXXXXXX" name="X1001005" password="xyxyxy" >

Both scenarios are working fine with the identity attribute lock flag.

Hi @pattabhi, thank you for your testing. This makes me and the readers sure that this lock flag works in many environments.
