Ipa User-unlock [OFFICIAL]

: Only administrators or users with specific "unlock" privileges (RBAC) can execute this command. Troubleshooting

ipa user-unlock is a command-line utility used to unlock a user account in an Identity and Access Management (IPA) system. When a user account is locked, it prevents the user from logging in to the system, accessing applications, and using resources. The ipa user-unlock command allows administrators to unlock the user account, restoring access to the user. ipa user-unlock

Always verify the user's identity via a secondary method (like a callback or MFA) before unlocking an account to prevent social engineering attacks. : Only administrators or users with specific "unlock"

By default, FreeIPA uses a Password Policy (managed via ipa pwpolicy-show ) that defines: How many wrong guesses are allowed. The ipa user-unlock command allows administrators to unlock

To confirm the user was actually locked before unlocking, first check their status: