About banned accounts
From time to time you may find that an account has been banned by the system - all admins of the same organisation as the user should receive an email to say what has happened - and you will need to re-enable the account before it can be used again.
You are the best person to decide whether or not the account should be re-enabled once you make an assessment of whether the account holder was complicit in whatever actions got the account banned, or was just careless with their password.
If you determine that the user was complicit, you should not immediately delete the account as you will need that for any further investigation that may come up - i.e. publishers may be in touch about other things that have happened involving that account.
How to find banned accounts
There are three ways:
- The status column of any list or search will say banned on accounts in this state.
- You can search for OpenAthens accounts via the advanced search function by selecting the checkbox there.
- You can filter the audit stream for account banned events
How to re-enable a banned account
- Find the account via search or link from the record in the audit stream and open its details
- From the actions button in the top right (next to the trash button) select the re-enable option
Accounts that are blocked due to rules you have put in place on a local connection cannot be re-enabled this way. You would need to adjust the rule that blocked them, or change the account property that is triggering the rule in your local directory.
Why an account is banned
When we detect activity that is consistent with misuse our systems will automatically suspend the account, display a message to that effect and email the account holder and their administrator.
Example: an account signs in from Australia, then 20 minutes later signs in again from India, and then an hour after that from Argentina. This is certainly not going to be the account holder going to those three countries so quickly, so the account is suspended.
Whilst the specific activity described above will definitely get an account banned, the actual thresholds and activities we monitor are not discussed.
If you want to disable an account yourself...
Locked means a temporary lockout when the wrong password is used too many times in a short period of time.
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com