This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
JoseLuisMartinM
Occasional Contributor
Occasional Contributor
‎2019-11-06 05:38 AM

Lockout policy for Cloud Authentication users

Jump to solution

Hi all,

 

We have an AM 8.4 integrated with Cloud Authentication Service.

 

We have defined in the AM a lockout policy for all users that allows automatic unlock after 15 minutes. But we've noticed this policy is not applied to users using MFA, they stay locked and must be manually unlocked through AM console.

 

Is there a way to apply a lockout policy for the MFA authentications?

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
TedBarbour
Employee
Employee
‎2019-11-06 10:41 AM

Jump to solution

Hi Jose - cloud lockout policies are documented here.  

 

Hope that is helpful,

Ted

View solution in original post

0 Likes
Reply
4 Replies
TedBarbour
Employee
Employee
‎2019-11-06 10:41 AM

Jump to solution

Hi Jose - cloud lockout policies are documented here.  

 

Hope that is helpful,

Ted

0 Likes
Reply
JoseLuisMartinM
Occasional Contributor
Occasional Contributor
‎2019-11-06 11:30 AM

Jump to solution

Thanks Ted!

 

Yes, we have lockout policies configured there, but we've noticed they're not applying.

 

The situation is this: we are using the Approve method to authenticate a VPN with Cisco Anyconnect and a Cisco ASA as VPN concentrator. The ASA has an authentication timeout and if the user doesn't approve the authentication before the timeout, the Authenticate app enters a loop, asking again and again for approves... till the user ends locked. And stays unlocked until we manually unlock him/her.

0 Likes
Reply
TedBarbour
Employee
Employee
In response to JoseLuisMartinM
‎2019-11-06 12:41 PM

Jump to solution

There is no approve lockout so not sure I understand the description. I would recommend opening a support case so that we can see your configuration and the behavior first hand.

 

Thanks,

Ted

0 Likes
Reply
JoseLuisMartinM
Occasional Contributor
Occasional Contributor
In response to TedBarbour
‎2019-11-19 06:38 AM

Jump to solution

Hi, Ted!

 

Thanks for your help. After reviewing and testing now (I think) I know what's happening.

 

Approve method doesn't get locked, is the Authenticate tokencode. I was confused with the password lockout and I thought it was applicable also to the Authenticate tokencode.

 

But as far as I can see, there's no way to apply an automatic lockout to the Authenticate tokencode, only the retries till it gets locked. Is that correct?

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.