Use this guide to enable end-user or administrative (help desk) account unlock via the SecureAuth IdP Identity Management (IdM) Password Reset Tool.
This configuration option accurately displays the account's status on the Account Unlock page, and requires two chained realms.
In the other configuration option, administrators or end-users can unlock accounts, but the status always displays as "normal", even if the account is locked.
Both configuration options effectively unlock user accounts, but only this setup displays the account's current status on the page.
SecureAuth IdP provides configuration flexibility to allow users to reset known passwords, update forgotten passwords, unlock their own accounts, and / or unlock other users' accounts (help desk) via two methods: Enforce and Administrative.
Enforce Mode is appropriate for most Active Directory and other LDAP use cases, while Administrative Mode is more suited for SQL-type data stores that are targeted more for help desk utilization.
This guide provides configuration steps for both Enforce and Administrative modes, and for Help Desk Account Unlock and End-user Account Unlock. Help Desk Account Unlock allows administrators to unlock any user's account, and End-user Account Unlock allows users to unlock only their own accounts.