Verify user account status

OneSpan Authentication Server verifies the status of the user account found for the user attempting to log on:

1. If the user account is disabled, the authentication request is rejected.
2. If the user account has expired because a specified expiration date has passed, the authentication request is rejected.

3. If the user account has been suspended due to inactivity, the authentication request is rejected.

   OneSpan Authentication Server can be configured to force a user account to be suspended if it is not used for a specified amount of time. The number of days that a user account can remain unused before being suspended can be configured in the policy used to log in. This value will be checked and the number of days since the last logon will be calculated. If the user account has been unused for too long, logon will be denied.

4. If the user account is locked, OneSpan Authentication Server verifies whether a user auto-unlock attempt is possible (see User account auto-unlock).

   If any unlock retries are left and the calculated lock duration since the last authentication request has elapsed, OneSpan Authentication Server assumes a possible user auto-unlock attempt and allows the authentication request.