I faced an issue of having some "Invalid Login" error messages and when looking for the root cause of this issue I found something which imho could be improved.
Going straight to the point, there is one Timer on Users app that runs daily at 4:00 am called "SynchronizeDomainUsers" that in it's logic calls an action/method from "Authentication" extension called "ActiveDirectory_GetAccountDetails":
The problem, as I see it, is that on that method we have:
So, I found that there were users being set as Inactive on OutSystems Platform by that timer, which runs from "Users" app because their account happened to be locked out when the timer was running.
I see at least 3 things here:
By the way, this happens on every environment, from Dev to Prod.
I cloned a users espace and took a look at the SynchronizeActiveDirectoryUser action. It checks a site property called SyncExternalAuthenticationUsersActiveStatus before it set's the is_active flag.
If set to false, users will not be set as inactive when they are inactive in the external authentication system.It's set to true by default.
However I cannot find any site properties for the published Users espace. Do you have any site properties for the Users espace in your environment?
I will set that site property (SyncExternalAuthenticationUsersActiveStatus) to False, to avoid the assign on that If. However, I don't see why having that check of "IsAccountLockedOut" as mandatory - it should be available on a Site Property setting. Active and LockedOut are different things...
Regarding the site properties, you can edit them from the Tenant Users config.
I agree with you this check should not be mandatory by default. Thank you for letting me know where I can find those site properties. I didn't know about the Tenant Site Properties.