Question:
We're running a Policy Server and we'd like to know which uses cases
bring the user to be administratively disabled after login.
Sm_Api_Disabled_AdminDisabled= 0x00000001 = 1
Answer:
At first glance, the AdminDisabled is set when an operator disabled
manually the user in the AdminUI :
Policy Server :: Disable Flag : SmAuthReason
The Sm_Api_Disabled_AdminDisabled bit is usually set by using the
Admin UI's disable user button; the Policy Server does not set or
clear it during normal operations.
https://comm.support.ca.com/kb/policy-server-disable-flag-smauthreason/kb000049509
But this value can be added to another value for specific reason.
To illustrate :
User with DisableFlag = 0. User can login.
User with DisableFlag = 1. User cannot login because the administrator disabled it manually from the AdminUI.
User with DisableFlag = 3. User tried x times to login with incorrect credentials, and it has been disabled.
Looking at the screenshots, you've configured the user to be disabled
if it tries 5 times to login without the expected credentials.
You see disable state with value of 3 because the
Sm_Api_Disabled_AdminDisabled = 0x00000001 = 1 + Sm_Api_Disabled_MaxLoginFail = 0x00000002 = 2
KB : KB000132212