Self Service Password Reset contains a built in intruder detection independent of what your LDAP directory might provide. Because Self Service Password Reset can be exposed directly to the internet, this additional layer of detection helps protect against direct attacks. Self Service Password Reset always honors the internal intruder detection (if enabled) of the LDAP directory.
The goal for this intruder detection system is not to watch for human intruders, but it is designed to stop robotic or automatic attacks. Set the triggers to be sufficiently high so that normal user usage does not cause an application-level intruder detection. The help desk or administrator cannot unlock accounts due to this intruder detection.
To configure the intruder lockout settings:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Settings > Intruder Detection > Intruder Settings.
Follow the help to configure the intruder settings.
Click Settings > Intruder Detection > Intruder Timeouts.
Follow the help to configure the intruder timeout settings.
In the toolbar, click Save changes.