Part of the Password Management module
|Issue||As part of the Password Management module, IMG is able to regulate user login attempts and lock out accounts that fail multiple times in a row. These settings default to 3 attempts, and a 15 minute lock out window for the account. These settings can be changed to meet a customer's security needs.|
|Resolution||As a user with admin privileges, log in to the product and navigate to Admin->System->Security->Edit. The settings for account lockout are under the first header. You can numerically define a value for each setting, or choose to have unlimited, which functionally disables lockouts.|
|Notes||When a user gets locked out, subsequent login attempts to will result in the following error: "Maximum unsuccessful login attempts exceeded. You may try again at (local time + X minutes)." Login attempts on a locked account do not reset the lockout period, so it is always X minutes after the attempt that locked you.|
Admin errors are generated when users are locked out.
Successful logins are logged in the T_AV_USER_CHANGES_LOG table. However, unsuccessful attempts are not. This table also tracks Logouts, Role Changes, and Entitlement Changes.