

Configure a Failed Attempt Limit

To configure CA Identity Manager to lock the Forgotten Password Reset or Forgotten User ID task after failed verification attempts:

  1. Navigate to the Configure Forgotten Password Search Screen, if necessary.
  2. Configure the criteria for verification failure, as needed:

    Note: Specify 0 for the options that do not apply.

    If a user exceeds any of the specified criteria, CA Identity Manager records a verification failure.

  3. In the Failed Attempt Limit field, enter the number of consecutive times a user can fail the verification process before they are locked out of the task.

    CA Identity Manager locks the user out of the task, and optionally disables the user’s account, if the user attempts to verify his identity when the Failed Attempt Limit has been reached. For example, if the failed attempt limit is 3, the user is locked and disabled on the third failed attempt.

  4. Select the Disable User check box to disable a user’s account in addition to locking the task when the failed attempt limit is exceeded.
  5. In the Failed Attempt Lockout Length field, enter the length of time that a user is locked out of the task if they exceed the failed attempt limit.

    You can specify minutes, hours, and days. To indicate that a particular limit does not apply, enter 0.

  6. Select the attribute that CA Identity Manager will use to track verification attempts in the Attempt Tracking Attribute field.

    Note: The attribute you specify must be defined in the directory configuration file (directory.xml) for the CA Identity Manager environment.
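
The following Python model is an added example, not CA Identity Manager code. It shows how the Failed Attempt Limit, Failed Attempt Lockout Length and Disable User settings interact for a limit of 3. Assumptions: the `UserRecord` layout standing in for the Attempt Tracking Attribute, the function names, the lock expiring after the lockout length, and a disabled account staying blocked until an administrator re-enables it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LockoutPolicy:
    failed_attempt_limit: int      # "Failed Attempt Limit" field
    lockout_length: timedelta      # "Failed Attempt Lockout Length" (minutes, hours, days)
    disable_user: bool = False     # "Disable User" check box

@dataclass
class UserRecord:
    # Stands in for the Attempt Tracking Attribute; this layout is an assumption.
    failed_count: int = 0
    locked_until: Optional[datetime] = None
    disabled: bool = False

def record_attempt(user, policy, verified, now):
    """Apply one verification attempt; return 'ok', 'failed', 'locked' or 'disabled'."""
    if user.disabled:
        return "disabled"              # assumed: needs an administrator to re-enable
    if user.locked_until is not None:
        if now < user.locked_until:
            return "locked"            # still inside the lockout window
        user.locked_until = None       # assumed: lock expires and the count restarts
        user.failed_count = 0
    if verified:
        user.failed_count = 0          # only consecutive failures count
        return "ok"
    user.failed_count += 1
    if user.failed_count >= policy.failed_attempt_limit:
        # With a limit of 3, the third consecutive failure locks the task.
        user.locked_until = now + policy.lockout_length
        user.disabled = policy.disable_user
        return "locked"
    return "failed"

def simulate(policy, outcomes, start, step):
    """Replay constructed attempt outcomes spaced `step` apart."""
    user, results = UserRecord(), []
    for i, verified in enumerate(outcomes):
        results.append(record_attempt(user, policy, verified, start + i * step))
    return results, user
```
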