Granular Administrative Permissions: "Unblock Identity"

VeridiumID now supports a dedicated granular permission for unblocking user identities. This enhancement allows organizations to adhere to the principle of least privilege by separating the ability to unblock accounts from broader administrative roles.

The new "Unblock Identity" permission is assigned by default to the Technical Support role. This ensures that support staff can perform necessary account recovery actions—such as resolving "Lost Mode" or excessive biometric failure lockouts—without requiring full system configuration access.

Previously, account unblocking might have required broader identity management privileges. With version 3.8.4, administrators can now assign the Unblock Identity permission independently, in Admin / Groups & Roles / Roles section. This is particularly useful for environments utilizing the Technical Support role, where staff need to assist users with locked accounts (e.g., after multiple failed authentication attempts or manual administrative locks) but should not have permission to modify global security settings or directory integrations.