Entitlement required: manageUserGroups (Manage users and groups), or manageAllUserGroups (Synchronize users and groups), or manageUserStandardGroups (Manage users and standard groups), or authn (Authenticate yourself), or authnAnyUser (Authenticate any user).
Note: You only need one entitlement, but you can have more than one.
The email template for branding is at "notifications/user_management/login/{locale}/user_account_locked_email.xml". Pass in the themeId query parameter to brand the email template for notifications.
* Versions of this API before September 2021 returned a scimType of LOCKED_PWD_FAILURES when a user was locked out because of invalid credentials. The API now returns a scimType of INVALID_CREDS and a notification is sent to the user, stating that the account was locked. Use the urn:ietf:params:scim:schemas:extension:ibm:2.0:Notification element in the POST body to determine the type of notification.
If custom password intelligence warning is enabled and a password is provided that is listed in it, the 200 response includes the header 'isv-dictionary-policy' with the value: 'WARNLOCAL'.
If X-Force password intelligence warning is enabled and a password is provided that is listed in it, the 200 response includes the header 'isv-dictionary-policy' with the value: 'WARNGLOBAL'.
If custom password intelligence prevention is enabled and a password is provided that is listed in it, the 400 response can include the header 'isv-dictionary-policy' with the value: 'ENFORCELOCAL'. The corresponding error status is 'PWD_IN_DICTIONARY'.
If X-Force password intelligence prevention is enabled and a password is provided that is listed in it, the 400 response can include the header 'isv-dictionary-policy' with the value: 'ENFORCEGLOBAL'. The corresponding error status is 'PWD_IN_GLOBAL_DICTIONARY'.
post https://{tenanturl}/v2.0/Users/authentication