Cleanup on user lock

Airlock IAM supports cleaning up the current login status of users based on services that allow users to be locked by an IAM service. This allows deleting OAuth 2.0 session tokens and Remember Me cookies, i.e., in case of a voluntary password change or if a user has been locked out for some other reason.

Note that when importing an IAM 8.0 configuration and earlier, the cleanup is deactivated by default and should be activated manually, as described below in this article.

• IAM services that can provide user locking:
• AuthenticationStatusService
• ClientFingerprintingLogoutAction
• MaxFailedAttemptsImpl
• LockCommonService
• LockSelfServiceStep

There is currently no cleanup when users are locked during Transaction Approval.

0. Remember-Me Settings
1. Go to:
   Loginapp >> Applications and Authentication >> Remember-Me Settings
2. In section Basic Settings, enable the property Remove Remember-Me Tokens On User Locked.

0. OAuth 2.0/OIDC Authorization Servers
1. Go to:
   Loginapp >> OAuth 2.0/OIDC Authorization Servers
2. For each OAuth 2.0/OIDC Authorization Server, enable the property Delete Tokens On User Locked in section Advanced Settings.

• Internal links:
• Client fingerprinting-based lockout
• Failed factor attempts in public self-services
• Password reset in the Loginapp REST API / UI
• User lockout self-service
• Failed login counters and temporary locking