Account Lock Out Information
JICS enables administrators to set up a Lock Out policy on the Authentication Settings page in Site Manager. The following sections explain the settings to implement the Lock Out policy and what happens when users are locked out.
Lock Out Users Based on Settings
This feature locks out users if they try and fail to log in too many times in a row as determined by the settings set up in the Lock Out policy by an administrator.
When a user attempts to log in and the attempt fails security, an error message displays: "You have exceeded the maximum allowed login attempts and your account has been locked. Users can contact their administrator for assistance with unlocking this account." The user will view the same message on any future login attempts until the user's account has been unlocked.
When a user is locked out, if the user clicks the Forgot my password link, an error message displays: "Your account has been locked, so you cannot change your password at this time. Contact your administrator for assistance with unlocking this account."
Whenever a user is locked out or successfully logs in, the user's previous login failures are forgotten.
Important
IMPORTANT: This setting is in effect for both Internal and any Active Directory (AD)/Lightweight Directory Access Protocol (LDAP) logins!
Lock Out Sections on Authentication Settings Page
Users are locked out if they attempt to log in but fail too many times. This information is shown in the "Account Lock Out" section on the Authentication Settings page in Site Manager.
 |
On this page, you can set the Lock Out policy, which will determine how many failed login attempts users are allowed before they will be blocked from logging in. When users exceed the specified number of failed logins within a given period of time, they will be informed that their account has been locked on any future attempts. After an additional period of time, or after the account has been manually unlocked by an administrator, the user can attempt to log in again.
Settings
Enable account lock out after a number of failed login attempts.
This is a simple option: On/Off
The default value is "On" (on new install or upgrade)
Lock users out after [attempts] failed login attempts within [counterResetTime] minutes.
If the "Enable account lock out" option (above) is set to "Off", then this entire field will be hidden. Otherwise, it will be visible.
The attempts field is a 3-character text box.
It is required (as long as this option is visible).
The value must be an integer number.
The default value is "10" (on new install or upgrade).
The counterResetTime field is a 3-character text box.
It is required.
The value must be an integer number.
The default value is "15" (on new install or upgrade).
Allow users to log back in again after [lockoutClearTime] [lockoutClearTimeUnits].
If the "Enable account lock out" option (above) is set to "Off", then this entire field will be hidden. Otherwise, it will be visible.
The lockoutClearTime field is a 3-character text box.
It is a required field (whenever it is visible).
It must be an integer number.
The default value is "15" (on new install or upgrade)
The lockoutClearTimeUnits field is a drop-down.
The drop-down values: minutes / hours / manually unlocked
The default value: minutes (on new install or upgrade)
When "manually unlocked" is selected, the lockoutClearTime field is hidden. Otherwise, it is visible.
A table of locked out users is displayed in the "Account Lock Out" area in Authentication Settings page of Site Manager. The "Currently Locked Accounts" section displays a sortable, paginated table of users that have been locked. It is shown as follows:
If the "Enable account lock out after a number of failed login attempts" option is set to "Off", then this entire table will be hidden. Otherwise, it will be visible.
If there are no currently locked users, a message is shown in the table: "No results found."
The columns are:
Account locked date - datetime that the account was locked (sort descending as default, with most recent first).
Username - username of the account that was locked.
Full name - First Name Last Name of the account that was locked.
Email address - primary email address of the account that was locked; this is a link that opens the email screen with this email as the "To" address.
Account unlock date - the date and time that the account is scheduled to automatically unlock. If the lockoutClearTimeUnits field is set to "manually unlock", then this column will NOT be displayed at all.
Unlock now - Clicking this button unlocks the account, dynamically removes the row from this list, and displays a success message above the list: "The account for user [username] has been successfully unlocked."
