Step 5: First User Test
Test the complete flow with a real user to verify everything works.
Prerequisites
Before Testing
- Connector showing Online in portal
- At least one policy configured
- Test user enrolled with WhatsApp number
- Access to test user's email (for OTP)
Step 1: Enroll Test User
- In Admin Portal, go to Users → Enroll User
- Search for a test user in AD
- Enter their WhatsApp number (international format: +5511999999999)
- Click Enroll
User appears in enrolled users list with:
- Name: Test User
- WhatsApp: +5511999999999
- Status: Active
Step 2: Lock the Test Account
For testing account unlock, first lock the account:
# Lock account by setting bad password attempts
# Or simply use:
Set-ADAccountPassword -Identity testuser -NewPassword (ConvertTo-SecureString "WrongPassword123!" -AsPlainText -Force)
# Enter wrong password multiple times to lockOr use this to directly set lockout:
# Lock account
$user = Get-ADUser -Identity testuser
$user.lockoutTime = (Get-Date).ToFileTime()
Set-ADUser -Instance $user
# Verify locked
Get-ADUser -Identity testuser -Properties LockedOut | Select-Object LockedOut
# Should return TrueStep 3: Send WhatsApp Message
From the test user’s phone, send a WhatsApp message to your AD Unlock number:
My account is locked
Or in Portuguese:
Minha conta está bloqueada
Step 4: Verify OTP Flow
-
AD Unlock responds:
“I found your account (testuser@company.com). To verify your identity, I’ve sent a 6-digit code to your email. Please enter the code here.”
-
Check test user’s email: Subject: “AD Unlock Verification Code” Body contains: 6-digit code (e.g., 847291)
-
Reply with the code:
847291
-
AD Unlock responds:
”✅ Verified! Your account has been unlocked. You can log in now.”
Step 5: Verify Account Unlocked
Get-ADUser -Identity testuser -Properties LockedOut | Select-Object LockedOut
# Should return FalseStep 6: Check Audit Log
In Admin Portal:
- Go to Requests or Audit Log
- Find the test request
Request #12345
User: testuser@company.com
Action: Account Unlock
Status: Completed
Risk Score: 15 (Low)
Policy: Standard Users
Approved: Auto (risk within threshold)
Duration: 1.2 secondsTest Password Reset (Optional)
To test password reset:
- Send: “I need to reset my password”
- Complete OTP verification
- Check test user’s email for new password
- Verify login with new password
Remember: Passwords are ONLY sent via email, never WhatsApp.
| Symptom | Cause | Solution |
|---|---|---|
| No response from WhatsApp | Webhook not configured or Z-API disconnected | Check Z-API dashboard, verify webhook URL |
| User not found | User not enrolled or phone number mismatch | Verify enrollment and phone number format (+country code) |
| OTP not received | Email not configured or wrong email address | Check email settings, verify user's email in AD |
| Unlock failed | Connector offline or permissions issue | Check connector status, verify service account permissions |
| Request blocked | Risk score too high or policy blocking | Check risk factors, adjust policy thresholds |
Verification Complete
All Tests Passed?
- WhatsApp message received by AD Unlock
- OTP sent to email
- OTP verification successful
- Account unlocked (or password reset)
- Audit log shows request
- Connector still Online
Congratulations!
Your AD Unlock installation is complete and working.