Sun Identity Manager 8.1 Business Administrator's Guide

ProcedureTo Disable User Accounts

When you disable a user account, you alter that account so that the user can no longer log in to either Identity Manager or to his assigned resource accounts.

Note that administrators can disable user accounts from the Administrator interface, but they cannot lock user accounts. Accounts can only become locked if the user exceeds the allowable number of unsuccessful login attempts defined by the Identity Manager account policy

Note –

If an assigned resource does not have native support for account disabling, but does support password changes, then Identity Manager can be configured to disable user accounts on that resource by assigning new, randomly generated passwords.

Use the following steps to ensure that this functionality works correctly:

  1. Open the “Identity System Parameters” page in the Edit Resource Wizard. (See Managing Resources for instructions on how to open the wizard.)

  2. In the “Account Features Configuration” table verify that both the Password feature and the Disable feature do not have check marks in the Disable? column. (To display the Disable feature, select Show All Features.)

    If the Disable feature does have a check mark in the Disable? column, accounts in the resource cannot be disabled.

Disabling Single User Accounts

To disable a user account, select it in the User List, and then select Disable from the User Actions drop-down menu.

On the displayed Disable page, select the resource accounts to disable, and then click OK. Identity Manager displays the results of disabling the Identity Manager user account and all associated resource accounts. The accounts list indicates that the user account is disabled.

Disabling Multiple User Accounts

You can disable two or more Identity Manager user accounts at the same time. Select more than one user account in the list, and then select Disable from the User Actions list.

Note –

When you choose to disable multiple user accounts, you cannot select individually assigned resource accounts from each user account. Rather, this process disables all resources on all user accounts you select.