When a user account is locked, the user cannot authenticate and access protected resources. A user account can be locked in two ways:
Lockout policy. This policy locks a user account if authentication fails a specified number of times using the primary authentication method. Lockout policies apply to the total number of logon attempts a user makes regardless of the type of credential used for each attempt.
Note:If the lockout policy is configured to unlock a user after a certain period of time, the user will be unlocked when the time expires. The user will show as “True” (locked) in the Locked Out field in reports until the next successful authentication.
Token policies. Token policies determine RSA SecurID PIN lifetime and format, and fixed passcode lifetime and format. They are assigned to security domains and apply to all tokens assigned to users managed by a given security domain. If a user puts the wrong tokencode in a specified number of times, they will be locked out.