About this task
For security purposes, it is important to lock an user account when
the user fails to provide the correct password after a specified number of
failed login attempts to
webMethods API Gateway.
A locked user account remains locked for a specific period of time, after which
the account gets unlocked.
webMethods API Gateway
allows administrators to configure the account locking settings for
administrator and non-administrator users. You can set the values for number of
attempts by a user before locking the account and also the duration of the lock
interval.
To configure account locking settings
Procedure
-
Expand the menu options icon
, in the title bar,
and select
User management.
-
Click
Account settings > Account locking
settings.
-
Provide the following information to configure the required
account locking settings.
| Field
|
Description
|
| Enabled
|
Specifies whether to enable the
account locking settings.
This option is disabled by default. Select Enabled to
enable the account locking settings.
|
| Maximum login
attempts
|
Specifies the number of attempts in
the specified time interval (minutes, hours, or days) to provide the correct
password before locking the account.
The default value is None.
|
|
Lockout duration
|
Specifies the duration (minutes,
hours, or days) for which the account remains locked.
The default value is None.
|
|
Apply account locking policy to
|
Specifies the list of users to whom
the account locking settings apply.
Specify one of the following:
- All users. Indicates the
account locking rules apply to all user accounts.
- All users except predefined
users. Indicates that account locking rules apply to all user
accounts except the predefined user accounts (Administrator).
|
-
Click
Save.