Entitlement required: manageUserGroups (Manage users and groups), or manageAllUserGroups (Synchronize users and groups), or manageUserStandardGroups (Manage users and standard groups), or authn (Authenticate yourself), or authnAnyUser (Authenticate any user).
Note: You only need one entitlement, but you can have more than one.
The email template for branding is at "notifications/user_management/login/{locale}/user_account_locked_email.xml". Pass in the themeId query parameter to brand the email template for notifications.
* Versions of this API before September 2021 returned a scimType of LOCKED_PWD_FAILURES when a user was locked out because of invalid credentials. The API now returns a scimType of INVALID_CREDS and a notification is sent to the user, stating that the account was locked. Use the urn:ietf:params:scim:schemas:extension:ibm:2.0:Notification element in the POST body to determine the type of notification.
post https://{tenanturl}/v2.0/Users/authentication