Use this guide to enable end-user or administrative (help desk) account unlock via the SecureAuth IdP Identity Management (IdM) Password Reset Tool.
This configuration option effectively unlocks a user's account, but does not display the account's current status on the Account Unlock page. Instead, it always shows that the user's account is "normal".
In the other configuration option, administrators or end-users can view the account's current status (locked, normal, etc.) before and after clicking unlock.
Both configuration options effectively unlock user accounts, but only the Show Status setup displays the account's current status on the page.
SecureAuth IdP provides configuration flexibility to allow users to reset known passwords, update forgotten passwords, unlock their own accounts, and / or unlock other users' accounts (help desk) via two methods: Enforce and Administrative.
Enforce Mode is appropriate for most Active Directory and other LDAP use cases, while Administrative Mode is more suited for SQL-type data stores that are targeted more for help desk utilization.
This guide provides configuration steps for both Enforce and Administrative modes, and for Help Desk Account Unlock and End-user Account Unlock. Help Desk Account Unlock allows administrators to unlock any user's account, and End-user Account Unlock allows users to unlock only their own accounts.