Configuring Account Locking Settings

Edit online

For security purposes, it is important to lock an user account when the user fails to provide the correct password after a specified number of failed login attempts to webMethods API Gateway. A locked user account remains locked for a specific period of time, after which the account gets unlocked. webMethods API Gateway allows administrators to configure the account locking settings for administrator and non-administrator users. You can set the values for number of attempts by a user before locking the account and also the duration of the lock interval.

To configure account locking settings

Expand the menu options icon , in the title bar, and select User management.
Click Account settings > Account locking settings.

Provide the following information to configure the required account locking settings.

Field	Description
Enabled	Specifies whether to enable the account locking settings. This option is disabled by default. Select Enabled to enable the account locking settings.
Maximum login attempts	Specifies the number of attempts in the specified time interval (minutes, hours, or days) to provide the correct password before locking the account. The default value is None.
Lockout duration	Specifies the duration (minutes, hours, or days) for which the account remains locked. The default value is None.
Apply account locking policy to	Specifies the list of users to whom the account locking settings apply. Specify one of the following: All users. Indicates the account locking rules apply to all user accounts. All users except predefined users. Indicates that account locking rules apply to all user accounts except the predefined user accounts (Administrator).

Click Save.