Account lockout with a local user security provider in Jitterbit App Builder
The Local user authentication provider supports account lockout. This feature tracks failed login attempts. After N failed attempts, the user account is locked. Further login attempts are blocked until the account is unlocked. A successful login attempt resets the failed login counter.
Note
When using external authentication, such as SAML Single Sign-On (SSO), it is the Identity Provider's (IdP's) responsibility to guard against attacks such as password guessing.
Enable account lockout
The account lockout feature is disabled by default. To enable account lockout, start by signing in as an administrator:
- Navigate to the IDE
- Click the Security Providers button
- In the User Authentication panel, locate the Local User provider and click the Details icon
- In the Properties panel, click the + Property button
- Select the Parameter (see below), provide a Value and click the Save icon (Check)
Account lockout parameters include:
- AccountLockoutThreshold - Maximum number of failed attempts before the account is locked. A value of zero (0) indicates that the account lockout feature is disabled.
- AccountLockoutDuration - The period of time (in minutes) for which the account will remain locked. A value of zero (0) indicates that the account will remain locked until an Administrator manually unlocks the account.
- AccountLockoutReset - The period of time (in minutes) after which the failed attempt counter is reset. A value of zero (0) indicates that the counter will not be reset.
Unlocking an account
If the user attempts to sign into a locked account, he or she will see the following message:
Invalid user name or password.
The account can be unlocked either:
- Automatically, after the account lockout reset duration.
- Manually, by an administrator.
To unlock an account, start by signing into App Builder as an administrator:
- Navigate to the IDE
- Click the User Management button
- In the Users panel, locate the user and click the Details icon
- If the account is locked, the Locked date and time will appear. If the account is not locked, the field will not be visible.
- Click the Unlock button to unlock the account