Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

This article describes how an operator locks a user in Smart ID Identity Manager. Read more here: Smart ID Workforce use cases.

The user state and the related credentials are set to locked. All roles will be withdrawn.

Expand/Collapse All


Step-by-step instruction for the operator

  1. Log in to Identity Manager Operator with your user account.
  1. In the Quick search drop-down list, select User. Search for the user that shall be locked. User data is shown in read-only mode.

    To cancel the process, see "Cancel the process" below.

  2. Click Lock user.
  3. In the Reason drop-down list, select the reason for locking.

    The user's active and inactive related credentials gets locked and the certificates that are valid or on hold gets revoked. See "Use case details" below. 

  4. Click Next to lock the user. The user will not be notified by email after being locked.

    Depending on the configuration, there can be options added to the use case, see "Options" below.

To cancel the process:

  • Click Cancel to close the process.
  • Click Next to proceed with the process.

Use case details

Use case description

As an operator I want to lock a user in Identity Manager

  • End state for user = "locked"
  • End state for related credentials = "locked"
  • End state for related certificates = "revoked"
  • Keep the relation to the user
Related credentialsEnd state credentialsEnd state certificates
Card and related certificateslockedrevoked
Temporary cardlockedrevoked
Virtual smartcard and related certificateslockedrevoked
Mobile ID and related certificateslockedrevoked
Soft token and related certificateslockedrevoked
Symbolic name


Process name

Lock user


Identity Manager Operator

Process start

On the user profile>Lock user


The options are configured by the administrator via a script in Identity Manager Admin and can be used by the operator and self-service user.

The script already exists with default values, so you only need to change the values as needed, not create the script.

Option: Add an approval step

Use case scenarios

  • The user quits the organization

  • The user account shall not be used anymore for technical reasons

Related information