Skip to main content

Implementing a user locking policy

When monitoring user counts and activity levels, you may find users who haven’t logged into the Celonis Platform for an extended period. By implementing a user locking policy, you can automatically lock or remove these inactive users.

Locked users still occupy a licensed seat and retain their assigned user or team roles, but they cannot use them until unlocked. You can unlock a user at any time to restore their access.

To implement a user locking policy, click Admin & Settings - Users - User locking policy

The Users screen allows you to lock user accounts and set up locking policies.

You have the following options:

  • Lock users with days of inactivity bigger than: Indicates the number of days that the user must be inactive before they are locked. The minimum number of days is four.

    Note

    Users manually unlocked within the past three days are exempt from the locking policy, regardless of the Lock users with days of inactivity bigger than setting.

  • Days to notify users before locking: The number of days prior to being locked that you want to send an automated email to users who are at risk of being locked out of your team.

  • Remove locked users: When enabled, locked users are removed from your after the specified number of days. Removed users must be re-invited (or re-authenticated if you’re using an SSO) to regain access and will lose their previous permissions.

  • Manually locking and unlocking users: As an admin, you can also manually lock or unlock a user. For more information, see Managing existing users.

Admins locked as a result of the user locking policy

If an admin is locked by the policy, they are notified by email and can unlock their account directly. This safeguard prevents the last active admin in a team from being locked out due to inactivity.