In this policy, you can configure settings to lock a user’s account when the user reaches the maximum number of failed login attempts. This enhances security by preventing the guessing of passwords and one-time passwords (OTPs).
You can configure the following options in this policy:
: An option to enable the lockout settings.
: The number of failed authentication attempts after which the user’s account is locked. The default value is 3.
: The period for which the user’s account is locked and the user cannot authenticate. The default value is 300 seconds.
: The option to lock the user account in the repository. You cannot use if you enable this option. Only the system administrator must unlock the user in the repository.
IMPORTANT: You must configure the appropriate settings in your repository for the options to function appropriately. For Active Directory Domain Services, you must enable the Account lockout threshold policy on Domain Controllers.
For NetIQ eDirectory, you must configure the Intruder Detection appropriately.
After a user’s account is locked (not in the repository), you can unlock the user account. To do this, click and click against the user’s account name.
The Helpdesk administrator can also unlock the locked users, if the Helpdesk Options policy.is enabled in the
: This option allows you to lock users who fail an authenticator's test in the Self-Enrollment portal for the number of times specified in .
By default, this option is set to. This indicates that the users will not be locked if they fail in the test process in the Self-Enrollment portal. You can enable the option to lock the user who tests an enrolled method and the test fails for the number of times specified in .
IMPORTANT: To enable the option, ensure that you enable the policy.
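The following added example is a simplified model of the lockout behavior described above; it is not the product's code. It uses the defaults stated on this page (3 attempts, 300 seconds). The class and parameter names are hypothetical, and resetting the failure counter on a successful login is an assumption.

```python
import time


class LockoutTracker:
    """Hypothetical model of the lockout settings; not the product's implementation."""

    def __init__(self, attempts=3, lock_period=300, lock_in_repository=False,
                 clock=time.monotonic):
        self.attempts = attempts                # failed attempts before locking
        self.lock_period = lock_period          # seconds the lock lasts
        self.lock_in_repository = lock_in_repository
        self.clock = clock                      # injectable so tests can control time
        self.failures = {}                      # user -> failed attempts so far
        self.locked_at = {}                     # user -> time the lock was applied

    def is_locked(self, user):
        if user not in self.locked_at:
            return False
        if self.lock_in_repository:
            return True                         # repository lock has no timed expiry here
        if self.clock() - self.locked_at[user] >= self.lock_period:
            self._clear(user)                   # lock period elapsed
            return False
        return True

    def authenticate(self, user, credential_ok):
        if self.is_locked(user):
            return "locked"                     # a correct credential is refused too
        if credential_ok:
            self.failures.pop(user, None)       # assumption: success resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.attempts:
            self.locked_at[user] = self.clock()
            return "locked"
        return "failed"

    def unlock(self, user, system_admin=False):
        # With the repository lock enabled, only the system administrator unlocks.
        if self.lock_in_repository and not system_admin:
            return False
        self._clear(user)
        return True

    def _clear(self, user):
        self.failures.pop(user, None)
        self.locked_at.pop(user, None)
```

With a password and OTP guessing attempt in mind, the model shows that a lock bounds an attacker to `attempts` guesses per `lock_period`, and that the repository lock removes the timed retry entirely.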