Dear Anders,
ABAP systems distinguish between two lock reasons:
Account lock:
A user account can be locked by the administrator. This
means that the user can no longer log on to the system at all.
Password lock:
A password lock is set internally in the system when the
maximum number of failed password-based logon attempts has been exceeded (see
Note 2467). Any further password-based logon attempts are blocked for this user.
However, this does not affect any other authentication procedures and internal
procedures (see Note 498889).
This means, a password lock is not a useraccount lock. Password Locks are meant to prevent password based logons to avoid rainbow attacks by hackers. If you want that users cannot logon also using SSO you have to lock the user _account_. This you can do in the useradministration (SU01...)
The user info system has been improved to show this distinction better see note 1791413
Hope this helps.
Best regards,
Adrian