KB_160126: How to disable User Lock Threshold inside IDENTIKEY Web Administration9/12/2017 2:53:00 PM
If the self-unlock feature is not implemented, an administrative intervention is necessary to unlock the user.
If there is too much administrative overhead when dealing with users that frequently tend to lock themselves out, this feature can be disabled.
Each DIGIPASS user account contains a user lock count. This value is incremented whenever the user attempts a login via IDENTIKEY Authentication Server with an incorrect one-time password (OTP). It is reset to zero when a correct OTP is used.
Each policy contains a user lock threshold. If a user's lock count equals or exceeds the user lock threshold in the policy in use, the DIGIPASS user account will be locked.
If a DIGIPASS user account is already locked and user auto-unlock is enabled, the user lock count contains the number of (unsuccessful) unlock attempts using user auto-unlock. The User Lock Threshold specifies the number of invalid logon attempts that are allowed before a DIGIPASS user account is locked. For example, if User Lock Threshold is 3, the account will become locked on the third failed logon attempt. Unlocking the account requires administrator action or user auto-unlock enabled.
To disable the User Lock Threshold, navigate to the active policy inside the IAS Web Administration and go to the User tab:
Once there, click on EDIT and set the User Lock Threshold value to 0. Then, scroll down and click on SAVE. Once the value has been set to 0, this feature is effectively disabled and users authenticating via that particular policy will no longer be able to lock themselves out. Keep in mind that IDENTIKEY user account locks are separate from Active Directory account locks.
Applies to: IDENTIKEY Authentication Server
KB 160126– 12/09/2017
© 2017 VASCO Data Security. All rights reserved.