Skip to main content
Skip table of contents

Lock user

Use case scenarios

  • The user quits the organization

  • The user account shall not be used anymore for technical reasons

This article describes how an operator locks a user in Smart ID Identity Manager. Read more here: Smart ID Workforce use cases.

The user state and the related credentials are set to locked. All roles will be withdrawn.


Step-by-step instruction for the operator

Log in to Identity Manager Operator
  1. Log in to Identity Manager Operator with your user account.
Lock user
  1. In the Quick search drop-down list, select User. Search for the user that shall be locked. User data is shown in read-only mode.

    To cancel the process, see "Cancel the process" below.

  2. Click Lock user.
  3. In the Reason drop-down list, select the reason for locking.

    The user's active and inactive related credentials gets locked and the certificates that are valid or on hold gets revoked. See "Use case details" below. 

  4. Click Next to lock the user. The user will not be notified by email after being locked.

    Depending on the configuration, there can be options added to the use case, see "Options" below.

Cancel the process

To cancel the process:

  • Click Cancel to close the process.
  • Click Next to proceed with the process.

Use case details

Overview and technical details
Use case description

As an operator I want to lock a user in Identity Manager

  • End state for user = "locked"
  • End state for related credentials = "locked"
  • End state for related certificates = "revoked"
  • Keep the relation to the user
Related credentialsEnd state credentialsEnd state certificates
Card and related certificateslockedrevoked
Temporary cardlockedrevoked
Virtual smartcard and related certificateslockedrevoked
Mobile ID and related certificateslockedrevoked
Soft token and related certificateslockedrevoked
Symbolic name


Process name

Lock user


Identity Manager Operator

Process start

On the user profile>Lock user


About the options

The options are configured by the administrator via a script in Identity Manager Admin and can be used by the operator and self-service user.

The script already exists with default values, so you only need to change the values as needed, not create the script.

Add an approval step

Option: Add an approval step

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.