US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

English (US)
US English (US)
FR French
DE German
PL Polish
SE Swedish
FI Finnish
  • Log in
  • Home
  • Identity Governance and Administration (IGA)
  • IGA solution library
  • Processes and use cases
  • Use case library
  • Governance

Self-Service: Lock User Account

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Service Management
    Matrix42 Professional Solution Matrix42 Core Solution Enterprise Service Management Matrix42 Intelligence
  • Identity Governance and Administration (IGA)
    IGA overview IGA solution library
  • Platform
    ESM ESS2 ESS Efecte Chat for Service Management Integrations Add-ons
  • Release Notes for M42 Professional, IGA, Conversational AI
    2026.1 2025.3 2025.2 2025.1 2024.2 2024.1 2023.4 2023.3 2023.2 2023.1 2022.4 2022.3 Release Information and Policies
  • Other Material
    Terms & Documentation Guidelines Accessibility Statements
  • Services
+ More

    • Service Management

    • Identity Governance and Administration (IGA)

    • Platform

    • Release Notes for M42 Professional, IGA, Conversational AI

    • Other Material

    • Services

Self-Service: Lock User Account

Self-Service: Lock User Account


In this article is described how Manager or Security Manager can lock users accounts in case of misconduct or other security related reason.

This service deviates from update user departing user information, in a sense that this service will lock user and 

all relates users accounts immediately and accounts needs to be unlocked before any updates can be made to users information or access rights. 


Use Case Description


This use case is available only for IGA Enterprise package.



 Description

Overview

This use case describes how Manager or Security Manager can lock users all accesses to organizations applications. 

Operators

IGA solution
Self-Service Portal
Security Manager
Manager

Prerequisites

Lock user account service is published in the Self-Service Portal.

Result

Users IGA Identity Storage datacards is locked, IGA Account datacards are disabled, and user is not able to login to organizations network. After clearing situation with the user, Manager or Security Manager can request unlocking.

Operating chain
  1. Manager or Security Manager opens "Lock User Account" service from the Self-Service Portal

  2. Manager or Security Manager chooses Lock User check box

  3. Manager or Security Manager chooses user from the list

    • Manager can only lock subordinates accounts

    • Security Manager can lock all users accounts

  4. Manager or Security Manager chooses reason or fulfills mandatory justification and submits request
     
  5. IGA solution receives information and starts workflows and provisioning

    • User's IGA Identity Storage data cards status is changed to locked if updates are coming during this time

      • Personal or Organizational information is not updated, unless IGA solution receives employment end date from the source system or from Self-Service Portal. 

        • If employment end date is received, IGA solution moves to update departing user information use case

    • IGA solution starts provisioning towards directories and/or applications 

      • Information is automatically updated to directories (via Efecte Provisioning Engine) or to applications (via integration)

      • IGA Admin Task or email is generated for removing manually added accesses

    • IGA solution informs via email Security Manager and user's Manager(s) 

  6.  User's IGA account is disabled

  7. If user's IGA Identity Storage datacard and IGA Accounts needs to be enabled

    • IGA solution waits employment end date from source system or from Self-Service Portal (Update User Information service)

    • Security Manager or Manager opens "Lock User Account" service from Self-Service Portal

      • Chooses Unlock user account option

      • Chooses user from the list  

      • Fulfill mandatory justification

      • Submits form

    • If Manager requests unlock, Security Manager needs to approve it

      • IGA solution generates approval request to Self-Service Portal

    • IGA solution receives information and starts provisioning

      • Users IGA Identity Storage status is changed to active

      • Users IGA Accounts are enabled and information is provisioned to directory or application

  8. Access Right Records are saved and process ends.

Related datacards

IGA Identity Storage
IGA Service Request
IGA Account

Delete

Configuration Changes


Customer can influence these configurations, without them affecting projects work estimations or schedule.  


1. Customer can add more email receivers to be informed about users accounts been locked 


2. Customer can choose which of the existing user groups can access to Lock User Account service in Self-Service Portal.

Delete

Expansion Possibilities


In this chapter are listed expansion possibilities, but please notice that these might have affect to the projects schedule and work estimations, so these will always needs Efecte Consultants review before agreeing on implementation.


1. Customer can add more user groups to be able access to the Lock User Account service in Self-Service Portal

Delete

Relations and Configuration instructions


Relations to other use cases, 


Relations to other data cards, 


Configuration instructions: 

  1. Publish service "Lock User Account" in ESS

  2. Configure EPEtask called "[Directory] IGA Service request: Verify, Add, Remove"
    • Configure the connection settings and after that Test connection from the EPEtask
    • Define user and group filters and settings
    • No need to change user identity mappings

  3. Go to IGA service request and workflow called "3.2 Immediate Account Deactivation Workflow"
    • Publish the workflow

  4. Go to IGA service request and workflow called "3.1 Activate Account Workflow"
    • Publish the workflow


System test instructions:

  1. Test Unlock user Account from ESS 
    • Test user for this test case must be a manager that have subordinates
    • One test user that is Security manager who can approve the unlock
    • Check that IGA Service Request is handled successfully
    • Check the Directory that Account is unlocked
    • Check that Account status in ESM is locked
Delete


lockout self-service

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Self-Service: Approvals
  • Self-Service: Remove access rights
  • Self-Service: Request access rights

Copyright 2026 – Matrix42 Professional.

Matrix42 homepage


Knowledge Base Software powered by Helpjuice

0
0
Expand