suspend does not lock in 18.04

To reproduce from the command-line (this is ubuntu 18.04):

% gsettings set org.gnome.desktop.screensaver ubuntu-lock-on-suspend true
% gsettings get org.gnome.desktop.screensaver ubuntu-lock-on-suspend
true

% systemctl suspend

Now the monitors go black and report "no signal" (good), and it will stay that way for hours (good) ... but if I tap "shift" key a few times, Ubuntu 18.04 comes back without asking my password. (I expected rather that the system would be locked, i.e. I should see a dialog box that would require a password before anything else!)

Same thing if I suspend by using the upper-right-of-screen "power" icon (click-and-hold, then click on the suspend icon).
Same thing if I let 20 minutes go by. (A msg comes up ~~ "system will suspend soon...", and it does suspend, but doesn't lock).

I have left the ubuntu-lock-on-suspend setting at "true" through several re-boots, but it still doesn't take effect.

I get the same behavior whether ubuntu-lock-on-suspend is set to "true" or "false".

Other info:
% wmctrl -m
Name: GNOME Shell
Class: N/A
PID: N/A
Window manager's "showing the desktop" mode: N/A

% lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

% uname -a
Linux ucbvax 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

I just upgraded from 16.04 a couple of weeks ago. I think (90%) it was locking in 16.04, but now not locking in 18.04.

If I click on the upper-right-of-screen padlock icon, then the system does lock (password required).

While it's locked in that way, I can click on the upper-right-of-screen "suspend" (from drop-down), and then my system is both suspended and locked. But the question is ...

How can I make my system lock (automatically) every time a "suspend" happens? (Or even "every time kbd and mouse are idle for 15 minutes"?)

Please advise.
thanks

---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: ubuntu 7633 F.... pulseaudio
 /dev/snd/controlC1: ubuntu 7633 F.... pulseaudio
CasperVersion: 1.394
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 18.04
IwConfig:
 enp2s0 no wireless extensions.

 enp7s5 no wireless extensions.

 lo no wireless extensions.
LiveMediaBuild: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
MachineType: To be filled by O.E.M. To be filled by O.E.M.
Package: linux (not installed)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 nouveaufb
ProcKernelCmdLine: file=/cdrom/preseed/username.seed boot=casper initrd=/casper/initrd.lz quiet splash --- maybe-ubiquity
ProcVersionSignature: Ubuntu 4.15.0-29.31-generic 4.15.18
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-29-generic N/A
 linux-backports-modules-4.15.0-29-generic N/A
 linux-firmware 1.173.1
RfKill:

Tags: bionic
Uname: Linux 4.15.0-29-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 08/23/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 0705
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: M5A99X EVO
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0705:bd08/23/2011:svnTobefilledbyO.E.M.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnASUSTeKComputerINC.:rnM5A99XEVO:rvrRev1.xx:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: To be filled by O.E.M.
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: To be filled by O.E.M.