diff --git a/server/api/controllers/access-tokens/exchange.js b/server/api/controllers/access-tokens/exchange.js
index 95e3e15..e805460 100644
--- a/server/api/controllers/access-tokens/exchange.js
+++ b/server/api/controllers/access-tokens/exchange.js
@@ -103,6 +103,7 @@ module.exports = {
       subscribeToOwnCards: false,
       createdAt: now,
       updatedAt: now,
+      locked: true,
     };
 
     const identityProviderUser = await IdentityProviderUser.findOne({
diff --git a/server/api/models/User.js b/server/api/models/User.js
index a0d9c50..73e876b 100755
--- a/server/api/models/User.js
+++ b/server/api/models/User.js
@@ -67,6 +67,10 @@ module.exports = {
       type: 'ref',
       columnName: 'password_changed_at',
     },
+    locked: {
+      type: 'boolean',
+      columnName: 'locked',
+    },
 
     //  ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
     //  ║╣ ║║║╠╩╗║╣  ║║╚═╗
diff --git a/server/db/migrations/20230809025904_add_lock_to_user_account.js b/server/db/migrations/20230809025904_add_lock_to_user_account.js
new file mode 100644
index 0000000..07c341f
--- /dev/null
+++ b/server/db/migrations/20230809025904_add_lock_to_user_account.js
@@ -0,0 +1,11 @@
+module.exports.up = async (knex) => {
+  return knex.schema.table('user_account', (table) => {
+    table.boolean('locked').default(false);
+  });
+};
+
+module.exports.down = async (knex) => {
+  return knex.schema.table('user_account', (table) => {
+    table.dropColumn('locked');
+  });
+};