Configure a Failed Attempt Limit

To configure Identity Manager to lock the Forgotten Password Reset or Forgotten User ID task after failed verification attempts:

  1. Navigate to the Configure Forgotten Password Search Screen, if necessary.
  2. Configure the criteria for verification failure, as needed:

    If a user exceeds any of the specified criteria, Identity Manager records a verification failure.

  3. In the Failed Attempt Limit field, enter the number of consecutive times a user can fail the verification process before they are locked out of the task.

    Identity Manager locks the user out of the task, and optionally disables the user's account, if the user attempts to verify his identity after the Failed Attempt Limit has been reached. For example, if the failed attempt limit is 3, the user is locked and disabled on the fourth failed attempt.

  4. Select the Disable User check box to disable a user's account in addition to locking the task when the failed attempt limit is exceeded.
  5. In the Failed Attempt Lockout Length field, enter the length of time that a user is locked out of the task if she exceeds the failed attempt limit.

    You can specify minutes, hours, and days. To indicate that no limits apply, enter 0.

  6. Select the attribute that Identity Manager will use to track verification attempts in the Attempt Tracking Attribute field.

    Note: The attribute you specify must be defined in the directory configuration file (directory.xml) for the Identity Manager environment.
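
The counting rule in steps 3 to 5, modelled as an added example (this is not CA Identity Manager code). Policy, Tracking, attempt and replay are hypothetical names; resetting the count on a success or on lockout expiry is an assumption, and the 0 lockout length setting is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:
    failed_attempt_limit: int      # "Failed Attempt Limit" field
    lockout_length: timedelta      # "Failed Attempt Lockout Length" field (non-zero here)
    disable_user: bool = False     # "Disable User" check box

@dataclass
class Tracking:
    """Hypothetical stand-in for the value kept in the Attempt Tracking Attribute."""
    consecutive_failures: int = 0
    locked_until: Optional[datetime] = None
    disabled: bool = False

def attempt(policy: Policy, user: Tracking, verified: bool, now: datetime) -> str:
    """Apply one verification attempt; return 'ok', 'failed' or 'locked'."""
    if user.locked_until is not None:
        if now < user.locked_until:
            return "locked"                  # still inside the lockout window
        user.locked_until = None             # assumption: expiry clears the count
        user.consecutive_failures = 0
    if verified:
        user.consecutive_failures = 0        # assumption: "consecutive" means a success resets
        return "ok"
    user.consecutive_failures += 1
    # The page's example: limit 3 -> locked on the fourth failed attempt.
    if user.consecutive_failures > policy.failed_attempt_limit:
        user.locked_until = now + policy.lockout_length
        user.disabled = user.disabled or policy.disable_user
        return "locked"
    return "failed"

def replay(policy: Policy, outcomes, start: datetime, step=timedelta(minutes=1)):
    """Replay constructed attempt outcomes (True = verified) one `step` apart."""
    user, results = Tracking(), []
    for i, verified in enumerate(outcomes):
        results.append(attempt(policy, user, verified, start + i * step))
    return results, user

if __name__ == "__main__":
    policy = Policy(failed_attempt_limit=3, lockout_length=timedelta(minutes=30), disable_user=True)
    results, user = replay(policy, [False] * 4 + [True], datetime(2009, 1, 1, 9, 0))
    print(results, user.disabled, user.locked_until)
```

With a limit of 3, the first three failures only count; the lock (and the optional disable) lands on the fourth, and a correct answer given during the lockout window is still refused.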


Copyright © 2009 CA. All rights reserved.