Locked Account

Locked Employee Account Troubleshooting

This article will help with finding out how to resolve a locked employee account.

Determining the Locked Reason Code

When an account locks, a reason code will be seen in the audit trail. The reason code will help with identifying why the account was locked. To find the the reason code, see the steps below: 
  1. To find the lock reason code, navigate to the hamburger menu > team icon > My Team > Employee Information. 
  2. On the Employee Information page, click on the quick link icon  for the employee that has the a locked account and click on "Account Audit Trail".
  3. In this page, adjust your date range to be around the time the account was locked which can be done by clicking in the upper right hand area in the date range pill. 
  4. For the "Field Disc" filter, type "Locked Reason" > refresh the report. 

  5. The "New Value" column will display the a code which is the reason the account was locked. 
The locked account reason codes can be found below: 

Resolving the Locked Account Reason

  1. Code 1: VCA Cleared: indicates that the account was manually locked.
  2. Code 2: Invalid Attempts: indicates the employee entered the password incorrectly too many times. 
    1. By default, the account will typically unlock after 30 minutes.
  3. Code 3: New Account Time Limit Exceeded: Checks to see if a new account has logged in during the grace period.
    1. Typically this is 15 days from the account being created.  
  4. Code 8: The accountwas flagged due to being locked within an import.
    1. Implementation will typically unlock these accounts
  5. Code 9: VCA Approval Time Limit Exceeded: Indicates that VCA wasn't approved within the grace period
    1. There is a 72-hour grace period. 
    2. What is VCA? See the Two Factor Authentication section below.
  6. Code 10: VCA Invalid Attempts Exceeded: this code indicates the employee entered the wrong code that was sent to their device too many times. 

When in Doubt: Unlock > Reset > Clear the VCA

If accounts continue to lock, the following will ensure that accounts do not keep locking. 
  1. Navigate to the hamburger menu > team icon > HR Employee Maintenance > Password Unlock
    1. Choose the employees by clicking on the browse icon and check the boxes of the employees that need to be unlocked > Click "APPLY".
    2. Click "UNLOCK" located in the upper right-hand area. 
  2. Navigate to the hamburger menu > team icon > HR Employee Maintenance > Password Reset
    1. Choose the employees by clicking on the browse icon and check the boxes of the employees that need to be reset > Click "APPLY".
    2. Click "RESET PASSWORD" located in the upper right-hand area. 
  3. Two-factor authentication can be clear in one of two ways:
    1. Navigate to the employee's account (Employee Information) > Find the "Two-Factor Authentication" widget > Click "CLEAR VIRTUAL CODE SETTINGS". 
    2. OR: You may clear the two-factor authentication in mass by navigating to the hamburger menu > Cog icon > Mass Edit > Mass Edit Profiles > Check the boxes for the accounts that need to be cleared > Click "MASS EDIT" > Find the "Misc. Fields" widget > "Clear Virtual Code Settings". > click "APPLY CHANGE".

What is Two Factor Authentication? 

Two Factor Authentication (2FA) is a required functionality for all account users that have access to sensitive data, including company admins, managers, and employees. This will send a number code for a user to enter as a second factor to be able to log in to their Elevated account. 

By default, when the account is created, the email and phone that was entered will be the default when users first log in and could be used to receive the authentication code. During the first login, the user may change the email or phone to send the code , and if they do, the VCA Admin list will receive a to do to approve the changes. If the changes aren't approved within 72 hours, the account will lock. If the VCA is not approved within 72 hours, then unlocking the account, and clearing the VCA must be done.  

    • Related Articles

    • How to Re-Send Account Created Email

      This guide will demonstrate how to re-send the Account Created (Activation) Email to employees who may not have previously received it. Please keep in mind that if you do not have access to the functionality mentioned below and you are a company ...
    • How to Hire a New Employee

      This article will cover the steps required to add a new hire to the system. Green Leaf’s new hire process typically consists of an administrator or manager initiating the new hire, the New Hire receiving an email to log in and complete their new hire ...
    • How to Manually Add a Non-Employee User

      How to Manually Add a Non-Employee User   This article will cover the steps required to Manually Add a Non-Employee User to the system. Non-Employee User accounts are useful for administrative roles, or if you need to create a test account to see if ...
    • Credentials - User Name, Password, Login.

      By default, when you add a new hire, as soon as you activate the "account"/employee profile, the new account (even if this is adding an accountant) will receive an email with a login landing site, company short name, user name and the password ...
    • How to Add Employee Notes

      Employee Notes can be used to track pertinent information regarding user accounts outside of all other tracking mechanisms within the system. Notes can be visible or hidden from users based on security permissions and business necessity. To add notes ...