Use this activity to enable users’ disabled accounts. You can use the activity in different workflows. It is recommended to place this activity after authentication activities in a workflow.
NOTE: If you want to enable only the user accounts disabled through force enrollment, in the activity settings, select Enable user accounts disabled by force enrollment check box.
For example, to enable users with disabled accounts to reset passwords and enable their accounts, you can use the Enable Account activity in the Forgot My Password workflow:
-
Authenticate user with Q&A profile.
-
Enable account.
-
Reset password in Active Directory.
-
Restart workflow if error occurs.
-
Email user if workflow succeeds.
-
Email user if workflow fails.
Use this activity to require users to change their passwords at next logon. For example, you can use this activity in the Forgot My Password workflow to force users to change passwords at the next logon, after the password has been reset by Password Manager.
It is recommended to place this activity after the Reset password in Active Directory or Change password in Active Directory activities in a workflow.
This activity is a core activity of the My Notifications workflow. It allows users to select on the Self-Service Site the events they want to be notified about, such as when the password is changed or account is unlocked.
The event list available on the Self-Service Site depends on the settings you configure in the user notification activities included in the Self-Service workflows. Each user notification activity (Email user if workflow succeeds and Email user if workflow fails) has the settings that allow you to subscribe users to this notification or to allow users to choose whether they want to receive this notification or not.
If user notifications activities are not included in a workflow, users will not receive any email notifications about this workflow.
A notification text depends on the workflow in which the notification activity is used. For example, if the Email user if workflow succeeds activity is used in the Forgot My Password workflow, after successfully performing this task on the Self-Service Site the user will be notified that his password has been reset. By default, the Email user if workflow succeeds and Email user if workflow fails activities are included in each self-service workflow and offer notification templates.
For more information on configuring user notification activities, see Notification activities.
IMPORTANT: If a user notification activity is included in a Helpdesk workflow, the user will receive the corresponding notification. You cannot change user subscription settings of notifications about helpdesk workflows.
If you want to lock the user’s Questions and Answers profile after several failed authentication attempts, place the Lock Q&A profile activity before the Restart workflow if error occurs activity in a workflow. The Lock Q&A profile activity locks the profile when the total number of attempts to authenticate the user by using any of the following activities equals or exceeds the lockout threshold value:
- Authenticate with Q&A profile
- Authenticate via phone
- Authenticate with passcode
By default, the Lock Q&A profile activity is included in the Forgot My Password and Unlock My Account workflows.
NOTE:
-
If the user’s Q&A profile gets locked, all tasks on the Self-Service Site will be unavailable for the user. In this case, the user must contact help desk to obtain a passcode and unlock the Q&A profile.
-
If an unregistered user is registering for the first time and tries to enter a wrong password beyond the specified limit, the profile shall be locked out. The user must wait for the duration configured for Reset lockout Account.
This activity has the following settings:
-
Lockout duration: Specify the number of minutes the profile remains locked out before automatically becoming unlocked.
-
Lockout threshold: Specify the number of failed authentication attempts that will cause a the profile to be locked out.
-
Reset account lockout counter after: Specify the number of minutes that must elapse from the time a user fails to authenticate before the failed authentication attempt counter is reset to 0 bad authentication attempts.