AuthPoint Users Are Unexpectedly Quarantined

Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security

If you move or delete a user account in your LDAP database, the status of the linked AuthPoint user account changes to Quarantined. Quarantined users cannot authenticate until you restore them or move them back to their original location in the LDAP database.

You must have an available user license for each quarantined user account that you want to resync. If you do not have an available user license, you cannot remove the Quarantined status from the user account.

Symptoms

  • AuthPoint users synced from an LDAP database have the Quarantined status
  • Quarantined AuthPoint users cannot authenticate to protected resources

Diagnostic Steps

  1. Verify the user is still in the correct LDAP group or groups that are in the AuthPoint group sync.
  2. Verify the user has not been moved or deleted in the LDAP database.

Possible Causes and Solutions

Possible Cause: The LDAP user was moved between OUs or containers
Solution: Move the user back to their original location in the LDAP database. If the move was intentional, create a new group sync to sync the user to AuthPoint and remove the Quarantined status. For more information, go to Resync Quarantined Users.

Possible Cause: The LDAP user no longer belongs to the LDAP group in the AuthPoint group sync
Solution: Add the user to the synced group or create a new group sync to sync the user to AuthPoint and remove the Quarantined status.

Possible Cause: The LDAP user was deleted in the LDAP database
Solution: Restore the user account. If you delete a user from the LDAP database and then create a new user account with the same information and resync to AuthPoint, AuthPoint does not associate the new user account with the Quarantined user because they have different Globally Unique Identifiers (GUIDs).
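
The causes listed above can be told apart by comparing two exports of the directory keyed on GUID, which is also how a delete-and-recreate shows up as a different account. This is an added example, not WatchGuard code: the export format, the Active Directory style attribute names (sAMAccountName, distinguishedName, memberOf), the group DN, and the GUID placeholders are assumptions.

```python
# Added example: all records are constructed sample data, not a real directory.
SYNCED_GROUP = "CN=AuthPoint-Users,OU=Groups,DC=example,DC=com"  # assumed DN

def rec(name, ou, groups=(SYNCED_GROUP,)):
    """Build one constructed directory record."""
    return {"sAMAccountName": name,
            "distinguishedName": f"CN={name},OU={ou},DC=example,DC=com",
            "memberOf": list(groups)}

def parent_of(dn):
    """Container part of a DN; assumes no escaped comma in the first RDN."""
    return dn.split(",", 1)[1].lower() if "," in dn else ""

def classify(before, after, synced_group=SYNCED_GROUP):
    """Map each previously synced GUID to the likely cause of quarantine."""
    guids_by_name = {}
    for guid, r in after.items():
        guids_by_name.setdefault(r["sAMAccountName"].lower(), []).append(guid)
    findings = {}
    for guid, old in before.items():
        if synced_group not in old["memberOf"]:
            continue  # not part of the group sync in the earlier export
        new = after.get(guid)
        if new is None:
            # Same logon name under a new GUID: deleted and recreated, so the
            # new account will not match the quarantined one.
            recreated = guids_by_name.get(old["sAMAccountName"].lower())
            findings[guid] = "deleted_and_recreated" if recreated else "deleted"
        elif parent_of(new["distinguishedName"]) != parent_of(old["distinguishedName"]):
            findings[guid] = "moved"
        elif synced_group not in new["memberOf"]:
            findings[guid] = "removed_from_group"
        else:
            findings[guid] = "ok"
    return findings

# Constructed exports keyed by GUID (placeholder values), before and after a change.
BEFORE = {"guid-1": rec("alice", "Sales"), "guid-2": rec("bob", "Sales"),
          "guid-3": rec("carol", "IT"), "guid-4": rec("dave", "IT"),
          "guid-5": rec("erin", "IT")}
AFTER = {"guid-1": rec("alice", "Sales"), "guid-2": rec("bob", "Marketing"),
         "guid-3": rec("carol", "IT", groups=()),
         "guid-9": rec("dave", "IT")}  # dave recreated with a new GUID; erin gone

if __name__ == "__main__":
    for guid, cause in classify(BEFORE, AFTER).items():
        print(guid, BEFORE[guid]["sAMAccountName"], cause)
```
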

Related Topics

General Troubleshooting Tips for AuthPoint

AuthPoint Tips and Best Practices