AscendCore
Back to Runbook Library
Identity Live in production

Account Unlock

Automate Microsoft Entra ID and Okta account unlocks from Slack and Teams. Identity verification, approval-gated unlock, failed-login counter reset.

Integrates with

OktaEntra ID

The problem

Account lockouts caused by failed-login thresholds are a top-three L1 ticket category. The pattern is simple: too many bad password attempts, the account locks, the user can't work until IT unlocks it. The operation itself takes seconds, but routing the request to a human, verifying identity, and updating the user takes 10-15 minutes per ticket.

What AscendCore does

A user requests an account unlock in Microsoft Teams or Slack. AscendCore validates the lockout reason, proposes the unlock with the option for identity-factor challenge, and on approval (or auto-execution for low-risk policy) unlocks the account in Microsoft Entra ID or Okta and resets the failed-login counter.

Workflow

  1. Detect — chat request (natural language or /account-unlock <email>)
  2. Resolve — locate the user in the IDP and confirm the lockout state
  3. Propose — admin approval card with lockout reason, recent login attempts, source IPs
  4. Approve — one-click approval (or auto-execute under low-risk policy)
  5. Execute — unlock the account and reset the failed-login counter
  6. Notify — user notified that they can sign in
  7. Audit — lockout cause + unlock approver logged

Integrations

  • Microsoft Entra ID — Account-status update via Graph API
  • Okta — Account lifecycle API for unlock and counter reset
  • Slack + Microsoft Teams — Request and confirmation

Status

Live in production. Verified end-to-end against real Microsoft Entra ID and Okta tenants.

Runbook source preview

Versioned, deterministic, auditable

Every runbook is defined as a versioned YAML manifest with explicit triggers, steps, and approval policies. The runbook itself is the audit-ready record of what AscendCore can and will do — chat is just the interface that triggers it.

name: account-unlock
trigger:
  channels: [slack, teams]
  intents: [account_unlock]
steps:
  - verify_identity:
      method: factor_challenge
  - unlock_account
  - reset_failed_login_counter
approval:
  required: false
  policy: auto_low_risk
Ready to deploy

Run account unlock from Teams or Slack today

AscendCore deploys in 48 hours for Slack + Okta or Teams + Entra stacks. See the first automated resolution the same day.

See plans & pricingBrowse all runbooks

More identity runbooks

Live

Access Role Change

Multi-system orchestrated role transitions for promotions, transfers, and contractor-to-FTE conversions. Five seed roles ship out of the box (support tiers, sales SDR/AE, engineering contractor/FTE/intern, HR generalist/manager); each transition produces a single approval card showing the full access diff and executes sequentially across Okta + Entra + Jira + M365 with per-step audit outcomes.

Read more
Live

Group Membership Management

Automate Microsoft Entra security group, M365 group, and distribution list membership changes from Slack and Teams. Name-resolved, approval-gated, idempotent.

Read more
Live

MFA Re-enrollment

Automate Okta and Microsoft Entra ID MFA factor reset and re-enrollment from Slack and Teams, with approval-gated execution and audit-friendly logging.

Read more
AscendCore

AscendCore Team

Online · Ask us anything

AscendCore

Hi! Welcome to AscendCore. Ask us anything about how we automate your IT help desk — or just say hi.