A lockout policy determines how the system locks or unlocks users after a predetermined number of consecutive unsuccessful authentication attempts. You can assign lockout policies to security domains.
In a replicated deployment, changes to policies might not be immediately visible on a replica instance. This delay is due to the fact that policy data is cached for 10 minutes. For instructions on minimizing the delay so that changes take effect sooner on a replica instance, see Flush the Cache.
In the Security Console, click Authentication > Policies > Lockout Policies > Add New.
In the Lockout Policy Name field, enter a unique name for the new lockout policy. Do not exceed 128 characters.
(Optional) To make this the default policy for all new security domains, and for any existing security domains already assigned the default policy, select Default Policy.
In the Lock User Accounts field, specify whether you want to allow users unlimited failed authentications, or limit the number of failed authentications allowed before they are locked out. By default, the system locks accounts after five consecutive authentication attempts fail within one day.
To limit the number of failed authentications, use the Unlock field to specify that you want the system to automatically unlock users after a specified amount of time, or that locked out users must be unlocked by an administrator. The default is Administrators unlock user accounts.