Sarah doesn’t want to reset the password (that would require updating 20 production config files). She just needs to remove the lock without changing the credential.
If you have scoured a .mobileconfig file, dug through the documentation of a Mobile Device Management (MDM) solution like Jamf Pro, Kandji, or Mosyle, or looked at an escaped plist string, you have likely seen this string. But what exactly is ipa user-unlock ? How does it work, and why is it the linchpin of modern, passwordless, or secure recovery workflows? ipa user-unlock