--- title: Enabling Account Information tab content description: The Delegated Admin GUI's Account Information tab provides information about a user account. For Delegated Admin to display the user account information, you must enable the Password Policy State JSON virtual attribute for the users object class. You can then configure the information that displays. component: pingdirectory version: 11.0 page_id: pingdirectory:delegated_admin_application_guide:pd_da_enable_acct_info_tab_content canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/delegated_admin_application_guide/pd_da_enable_acct_info_tab_content.html revdate: September 19, 2023 section_ids: steps: Steps example: Example: --- # Enabling Account Information tab content The Delegated Admin GUI's **Account Information** tab provides information about a user account. For Delegated Admin to display the user account information, you must enable the `Password Policy State JSON` virtual attribute for the users object class. You can then configure the information that displays. ## Steps 1. For each PingDirectory instance that contains users, enable the `Password Policy State JSON` virtual attribute for the users object class. | | | | - | -------------------------------------------------------------------------------- | | | You don't need to enable this virtual attribute on PingDirectoryProxy instances. | For example, the following command enables the virtual attribute for users with the `person` object class, which includes users whose REST resource type structural object class is derived from `person`, such as `inetOrgPerson`. ```shell $ bin/dsconfig set-virtual-attribute-prop \ --name "Password Policy State JSON" \ --set enabled:true \ --set require-explicit-request-by-name:true \ --set "filter:(objectClass=person)" \ --no-prompt --applyChangeTo server-group ``` After you enable the virtual attribute, delegated administrative users can access account information for a user in the Delegated Admin GUI. The **Account Information** tab provides account status by default. To display the last login time and the password expiration date, you must set their properties. You configure these items per password policy. When not configured, these entries appear as follows: * LAST LOGIN `Last login time not available.` (This entry also displays when the user hasn't logged in.) * PASSWORD EXPIRATION `Password expiration date has not been enabled.` You can configure these items in the admin console or by using the `dsconfig` tool interactively or non-interactively. The following steps use the non-interactive approach: 2. Select the password policy for which you want to enable the last login time and password expiration date. Learn more about [Managing password policies](../pingdirectory_server_administration_guide/pd_ds_manage_password_policies.html). ``` dsconfig list-password-policies ``` 3. (Optional) Include the last login time. To include the last login time, choose which property to set. You can set either of the following properties: * `maximum-recent-login-history-successful-authentication-count` * `last-login-time-format` If you use this property, make sure the `last-login-time-attribute` has its default value `ds-pwp-last-login-time`. Values for `last-login-time-format` include: * `yyyyMMddHHmmss'Z'` for second-level accuracy * `yyyyMMdd` for day-level accuracy Learn more about [last login time](../pingdirectory_security_guide/pd_sec_last_login_time_ip.html) options. 4. (Optional) Include the password expiration date. To include this information, set the property `max-password-age`. 5. Set the desired password policy properties. ### Example: ```shell $ bin/dsconfig set-password-policy-prop \ --policy-name "" \ --set maximum-recent-login-history-successful-authentication-count: \ --set "max-password-age:" \ --no-prompt --applyChangeTo server-group ```