This article will help with finding out how to resolve a locked employee account.
Determining the Locked Reason Code
When an account locks, a reason code will be seen in the audit trail. The reason code will help with identifying why the account was locked. To find the the reason code, see the steps below:
- To find the lock reason code, navigate to the hamburger menu > team icon > My Team > Employee Information.
- On the Employee Information page, click on the quick link icon for the employee that has the a locked account and click on "Account Audit Trail".
- In this page, adjust your date range to be around the time the account was locked which can be done by clicking in the upper right hand area in the date range pill.
- For the "Field Disc" filter, type "Locked Reason" > refresh the report.
- The "New Value" column will display the a code which is the reason the account was locked.
The locked account reason codes can be found below:
Resolving the Locked Account Reason
- Code 1: VCA Cleared: indicates that the account was manually locked.
- Code 2: Invalid Attempts: indicates the employee entered the password incorrectly too many times.
- By default, the account will typically unlock after 30 minutes.
- Code 3: New Account Time Limit Exceeded: Checks to see if a new account has logged in during the grace period.
- Typically this is 15 days from the account being created.
- Code 8: The accountwas flagged due to being locked within an import.
- Implementation will typically unlock these accounts
- Code 9: VCA Approval Time Limit Exceeded: Indicates that VCA wasn't approved within the grace period
- There is a 72-hour grace period.
- What is VCA? See the Two Factor Authentication section below.
- Code 10: VCA Invalid Attempts Exceeded: this code indicates the employee entered the wrong code that was sent to their device too many times.
When in Doubt: Unlock > Reset > Clear the VCA
If accounts continue to lock, the following will ensure that accounts do not keep locking.
- Navigate to the hamburger menu > team icon > HR Employee Maintenance > Password Unlock
- Choose the employees by clicking on the browse icon and check the boxes of the employees that need to be unlocked > Click "APPLY".
- Click "UNLOCK" located in the upper right-hand area.
- Navigate to the hamburger menu > team icon > HR Employee Maintenance > Password Reset
- Choose the employees by clicking on the browse icon and check the boxes of the employees that need to be reset > Click "APPLY".
- Click "RESET PASSWORD" located in the upper right-hand area.
- Two-factor authentication can be clear in one of two ways:
- Navigate to the employee's account (Employee Information) > Find the "Two-Factor Authentication" widget > Click "CLEAR VIRTUAL CODE SETTINGS".
- OR: You may clear the two-factor authentication in mass by navigating to the hamburger menu > Cog icon > Mass Edit > Mass Edit Profiles > Check the boxes for the accounts that need to be cleared > Click "MASS EDIT" > Find the "Misc. Fields" widget > "Clear Virtual Code Settings". > click "APPLY CHANGE".
What is Two Factor Authentication?
Two Factor Authentication (2FA) is a required functionality for all account users that have access to sensitive data, including company admins, managers, and employees. This will send a number code for a user to enter as a second factor to be able to log in to their Elevated account.
By default, when the account is created, the email and phone that was entered will be the default when users first log in and could be used to receive the authentication code. During the first login, the user may change the email or phone to send the code , and if they do, the VCA Admin list will receive a to do to approve the changes. If the changes aren't approved within 72 hours, the account will lock. If the VCA is not approved within 72 hours, then unlocking the account, and clearing the VCA must be done.