When you disable a user account, you suspend the user's permission to authenticate, which prohibits access to protected resources. You might disable users who take an extended absence, and then enable these users when they return to work.
Disabling a user does not delete the user from the identity source. When a user account is disabled, any tokens belonging to the user remain assigned. Disabling a user account does not unassign the user’s assigned tokens.
If you want to disable a user in an LDAP directory that is linked to RSA Authentication Manager, you must use the native LDAP directory interface.
In the Security Console, click Identity > Users > Manage Existing.
Use the search fields to find the user that you want to disable. Some fields are case sensitive.
Click the user that you want to disable, and select Edit.
Under Account Information, select Account is disabled.