Prohibit user to login

User resource has inactive property. When it equals to true the user cannot login. Login attempts return 400 with "error": "invalid_grant" and "error_description": "User is inactive".

Using the API

Lock a user account

PATCH /User/my-user
Content-Type: application/json

{
  "inactive": true
}

Unlock a user account

PATCH /User/my-user
Content-Type: application/json

{
  "inactive": false
}

Aidbox does not automatically lock accounts after failed login attempts. Setting inactive to true is the only lockout mechanism.

Using the UI

Click the Users link in the left sidebar
Filter users list and click the desired user
Add inactive property value true
Press the Save button