Check if user is revoked/locked before authenticating with SSO


I have noticed that locked/revoked users are automatically “unlocked” if they log in through SSO.

So, I want to know what is the best or easiest way to not allow that to happen. Basically, I don’t want locked/revoked users to be allowed back into my App through SSO.

1 Like

Hi Fred

You are correct. By default the system assumes that if an end user can authenticate against their IDP via SSO then that user should have access to the app (this behavior is by design so as to delegate the authorization for the app to the federated IDP, for example if the user is locked in AD then they won’t be able to log into the app via SSO).

However, it is pretty easy to check if the user has been locked before allowing them into the app. Below is a pretty standard implementation that accomplishes this. It uses the sessions API to review the locked status of the user before allowing them into the application.

    let claimsEmail = ? : claims.uid;

    claimsEmail = claimsEmail.toLowerCase();
    console.log(`Claims email: ${claimsEmail}`);
    let user = await DB.user.first("email = ?", claimsEmail);

    if (!user) {
        console.log('No user found, creating a new one');
        user = DB.user.create(); = claimsEmail; = ? : `${} ${}`;
    } else {
        console.log(`User found, ID: ${}, checking if user is revoked`);
        // check if user is revoked
        const options = {
            method: 'GET',
            headers: {
                'Authorization': `Bearer ${this.backend.token}`
            }
        };

        console.log('About to query sessions api');
        let response = await fetch(`${this.backend.url}/users/${}`, options);

        if (response.ok) {
            let userSessionData = await response.json();
            if (userSessionData.locked) {
                console.log('User locked');
                return context.unauthorized({message: 'Access Denied - Account Locked'});
            }
        }
    }

    console.log('Responding with authorized');
    return context.authorized(user);
1 Like
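
An added example, not part of the reply above or of the platform's own code: as posted, the snippet denies login only when the sessions API answers OK with `locked` set, so this variant factors the check into a function that also denies when the lookup fails or returns an unexpected body. The names `decideSsoLogin`, `stubFetch`, `demo`, the `user.id` field and the sample backend values are assumptions; the `/users/<id>` path, Bearer header and `locked` field follow the snippet.

```javascript
// Added example. Hypothetical names: decideSsoLogin, stubFetch, demo, user.id.
// Returns { allowed, reason }. Anything other than a confirmed
// "locked: false" from the sessions API is treated as a denial (fail closed).
async function decideSsoLogin(user, backend, fetchImpl = globalThis.fetch) {
    let response;
    try {
        response = await fetchImpl(
            `${backend.url}/users/${encodeURIComponent(user.id)}`,
            { method: 'GET', headers: { 'Authorization': `Bearer ${backend.token}` } }
        );
    } catch (err) {
        return { allowed: false, reason: 'lookup-error' };      // network failure
    }
    if (!response.ok) {
        return { allowed: false, reason: `lookup-status-${response.status}` };
    }
    let data;
    try {
        data = await response.json();
    } catch (err) {
        return { allowed: false, reason: 'lookup-bad-body' };   // not JSON
    }
    if (!data || data.locked !== false) {
        // locked === true denies as 'locked'; a missing or non-boolean flag also denies
        const reason = data && data.locked === true ? 'locked' : 'lookup-bad-body';
        return { allowed: false, reason };
    }
    return { allowed: true, reason: 'not-locked' };
}

// Constructed stub standing in for the sessions API, so the example runs offline.
function stubFetch(status, body) {
    return async () => ({
        ok: status >= 200 && status < 300,
        status,
        json: async () => body,
    });
}

async function demo() {
    // Constructed sample values, not real endpoints or credentials.
    const backend = { url: 'https://sessions.example.invalid', token: 'PLACEHOLDER_TOKEN' };
    const user = { id: 'u-1001' };
    return {
        active: await decideSsoLogin(user, backend, stubFetch(200, { locked: false })),
        locked: await decideSsoLogin(user, backend, stubFetch(200, { locked: true })),
        outage: await decideSsoLogin(user, backend, stubFetch(503, {})),
        thrown: await decideSsoLogin(user, backend, async () => { throw new Error('ECONNRESET'); }),
    };
}
```

In the sign-in hook, a result with `allowed: false` maps to `context.unauthorized(...)` and `allowed: true` to `context.authorized(user)`; logging `reason` separates locked accounts from lookup outages.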