Thanks Rob, will do&nbsp;<br><br><div id="ymail_android_signature"><br></div> <br> <blockquote style="margin: 0 0 20px 0;"> <div style="font-family:Roboto, sans-serif; color:#6D00F6;"> <div>On Thu, Jun 13, 2019 at 1:45 PM, Rob Crittenden</div><div>&lt;rcritten@redhat.com&gt; wrote:</div> </div> <div style="padding: 10px 0 0 20px; margin: 10px 0 0 0; border-left: 1px solid #6D00F6;"> <div dir="ltr">Eric Fredrickson via FreeIPA-users wrote:<br></div><div dir="ltr">&gt; Hello,<br></div><div dir="ltr">&gt; <br></div><div dir="ltr">&gt; I was wondering if there was a way or if this is on the roadmap for future work.&nbsp; I have a use case where I'd like to create a user account, but add a rule where OTP must be assigned to the account within a certain time period (e.g. 24 hours).&nbsp; If not, the account is disabled.&nbsp; This leaves the end user with the ability to create their OTP and not have to distribute any secret keys/screenshots of the QR code, while removing administrative burden of manually checking accounts if they have OTP enabled.<br></div><div dir="ltr"><br></div><div dir="ltr">There is no sort of rule engine in IPA where you can conditionally<br></div><div dir="ltr">disable accounts. There are similar RFEs for disabling on conditions,<br></div><div dir="ltr">for example due to inactivity, <a href="https://fedorahosted.org/freeipa/ticket/4975" target="_blank">https://fedorahosted.org/freeipa/ticket/4975</a><br></div><div dir="ltr"><br></div><div dir="ltr">Might be worth filing a separate ticket with your use case and<br></div><div dir="ltr">mentioning it in the other ticket so a generic solution can be created.<br></div><div dir="ltr"><br></div><div dir="ltr">rob<br></div><div dir="ltr"><br></div> </div> </blockquote>