Hi,
Account 'locked' and 'suspended' are two different things. Reading through this (mainly the first line regarding setup of password-retries and password-max-suspension) I am guessing this is related to 'suspended' and not 'locked'.
If yes, there should be no action required by administrator to unsuspend the user account as it will be done by the system after 1800 seconds (i.e. 30 minutes) automatically.
See:
https://docops.ca.com/ca-directory/12-6/en/reference/commands-reference/set-password-max-suspension-command
But as you said, if someone else is using someone's ID to authenticate (knowingly or mistakenly), the account will also get suspended after 5 tries. In that case, the options are:
- The end user calls in and has an administrator reset the password, which will most likely be the case, as that person would have no idea that someone suspended their account (knowingly or mistakenly).
- Or they can wait for 30 minutes and try again (which they wouldn't know, so they would keep trying and finally call in for a reset).
- You can reduce the password-max-suspension value to something that meets your request, maybe? e.g. 5 minutes, if that serves your SLO/SLA?
Thanks,
Hitesh