An administrative user can disable a user account by configuring this feature in the WSO2 Identity Server and editing the user profile of the account. You can also disable (switch-off) the account disabling feature so that administrative users do not have permission to disable users.
From 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follows the new implemenation which is the recommended approach for account disabling.
Alternatively, to see steps on how to enable this identity management feature using the old implementation, see Account Disabling documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatitbility and can still be used if required.
Disable an account
Follow the steps below to disable a user account through the WSO2 IS management console.
Alternatively, instead of using the management console, you can also enable/disable the user account using the
setUserClaimValues() method in the
RemoteUserStoreManagerService after you have configured WSO2 IS for account disabling.
Configure WSO2 IS for account locking by following the instructions given in the Account Locking and Disabling topic.
Start WSO2 IS and login to the management console.
Navigate to Main>Claims>List and click on 'http://wso2.org/claims'.
Edit the Account Disabled claim. See Editing Claim Mapping for more information on how to do this.
- Tick the checkbox Supported by Default and click Update.
- Navigate to Main>Users and Roles>List>Users and click on User Profile of the user account that you want to disable.
- Tick the Account Disabled checkbox and click Update.
Switch off account disabling
If you want to switch off the account disabling option, follow the steps below.
The following section provides instructions on how to disable (switch-off) the account disabling feature. You may do this if you want to prevent even administrative users from disabling accounts.
- Open the
identity-event.propertiesfile found in the
The account disabling handler is registered by default in this file.
Remove the following subscription to switch off account disabling. This will remove the account disabling option from all tenants.