If we need to support additional parameters for devise authentication besides normal(username/email with password). We can do this in devise by overiding an existing method, 'active_for_authentication?'. After authenticating a user and in each request, Devise checks if your model is active by calling model.active_for_authentication?

Consider a feature 'Lock sub user', here we can add a boolean flag 'is_locked', based on this flag we enable or disable the authentication for the sub-user:

 def active_for_authentication?
  super && !is_locked

Instead of !is_locked, we can also add a custom method which:

  1. returns a boolean

  2. based on single or multiple parameters

Please refer this wiki: [user account status validation...(Devise link)][1]

If the method 'active_for_authentication?' returns false, method 'inactive_message' is invoked, user will receive notification for being inactive. We need to customize the message as well:

 def inactive_message
  !is_locked ? super : :is_locked

Now this will refer the custom message for 'is_locked' and not inactive, which we need to define in devise translation file.

    inactive: 'Your account was not activated yet.'
    is_locked: 'Your account has been locked.'

Thank you.
[1]: https://github.com/plataformatec/devise/wiki/How-To:-Customize-user-account-status-validation-when-logging-in