Managing Lockout Settings
IdentityNow locks a user's account if they enter the wrong password a certain number of times while trying to sign in or reset a password.
By default, if a user or an unauthorized person provides the wrong password five times in a row in a five-minute period, they are locked out of their account for 15 minutes. You can change the default settings to meet the requirements of your organization by following the process described below.
To prevent malicious activities such as brute force attacks, the sign in page does not warn the user that this is happening. However, the user does receive an email notification that indicates when and where the attempts occurred and when the account will be unlocked.
After 15 minutes, the user can try again or choose to reset their password.
If IdentityNow is configured to restrict users from unlocking their account or resetting their password based on their country or network, these options might not be available to all users.
Be aware of how these lockout settings might interact with pass-through authentication sources. If IdentityNow is configured to use pass-through authentication, locking the IdentityNow account also locks the user's Active Directory or other primary account.
If users are locked out because of failed sign ins, they can choose to unlock their account or reset their password to access the system immediately. If a user needs help resetting their password or you believe their account is compromised, you can reset a user's IdentityNow password for them.
Under Sign In Lockout Settings, use the dropdown menus to set the:
• Maximum Attempts - The number of times someone can enter the wrong password before the account is locked.
• Minutes Until Attempt Count Resets - The period during which the number of failures is counted. For example, by default, if someone enters the wrong password five times within a five-minute period, they are locked out. However, if they enter four wrong passwords and then take a break for five minutes, they can try again without being locked out because the failure count resets.
• Minutes User is Locked Out - How long the account is locked before the user can try again.
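The three Sign In Lockout Settings above, modelled as a small simulator so you can replay a timeline of attempts against a proposed policy before changing it. This is an added example, not IdentityNow's own code: it assumes a sliding window for the failure count, that a correct password clears the count, and that attempts made during a lockout are rejected without extending it. The names LockoutPolicy, AccountState, record_attempt and replay are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LockoutPolicy:               # hypothetical model of the three dropdowns
    max_attempts: int = 5          # Maximum Attempts
    reset_minutes: float = 5       # Minutes Until Attempt Count Resets
    lockout_minutes: float = 15    # Minutes User is Locked Out

@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # times of counted failures
    locked_until: Optional[float] = None

def record_attempt(policy, state, minute, correct):
    """Apply one sign-in attempt at time `minute` and return its outcome."""
    if state.locked_until is not None:
        if minute < state.locked_until:
            return "rejected"      # assumption: ignored, does not extend the lock
        state.locked_until = None  # lockout has expired
    # Assumption: sliding window, failures older than reset_minutes drop out.
    state.failures = [t for t in state.failures
                      if minute - t < policy.reset_minutes]
    if correct:
        state.failures.clear()     # "in a row": a success ends the streak
        return "ok"
    state.failures.append(minute)
    if len(state.failures) >= policy.max_attempts:
        state.locked_until = minute + policy.lockout_minutes
        state.failures.clear()
        return "locked"
    return "failed"

def replay(policy, attempts):
    """Run a timeline of (minute, correct) pairs against a fresh account."""
    state = AccountState()
    return [record_attempt(policy, state, m, ok) for m, ok in attempts]

# Constructed timelines (minute, password_correct), not real log data.
FIVE_FAST = [(0, False), (1, False), (2, False), (3, False), (4, False),
             (10, True), (19, True)]
FOUR_THEN_BREAK = [(0, False), (1, False), (2, False), (3, False), (8, False)]

if __name__ == "__main__":
    print(replay(LockoutPolicy(), FIVE_FAST))
    print(replay(LockoutPolicy(), FOUR_THEN_BREAK))
```

With the defaults, the first timeline locks on the fifth failure and rejects even the correct password until minute 19; the second never locks because the count has reset before the fifth failure.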
Under Password Reset Lockout Settings, use the dropdown menus to set the maximum attempts and minutes the user is locked out of the account.
If a user successfully enters their password but fails the Knowledge-based Authentication (KBA) questions, they are not locked out of their account.
However, if a user is resetting their password and fails the KBA questions, they will be temporarily blocked from resetting their password.
The attempt limit and duration of being blocked are configured in Global > Lockout Management > Password Reset Lockout Settings.