Here you can set when the user's account (or other object, such as group, organizational unit...) is valid.
Users with locked accounts won't be allowed to log on to your applications and won't be authorized for any action (no matter what kind of authentication you use). If you need to lock an account, simply set the time period different to current time.
User groups, organizational units, roles, applications and applications parts whose validity has expired can't influence permission check results. It means that authorization for access to a locked application will always result in a disallowed access.
Valid From - date the object is valid from. This value must always be set.
Valid To - date the object is valid to. Leave it empty if you don't want to restrict the object validity.