You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
I was wondering if there is a build-in function to block an user from logging in for an hour after failing to provide a correct password several times in a row. If not, is this possible to build with a plug-in and could someone provide any directions on how to achieve this?
Thanks in forward!
Well, it depends on your backend directory type.
Internal directories have a Maximum Invalid Password Attempts option but as far as I know there is no way to automatically unlock users after a certain duration. You could actually build a plugin for this, or a simpler option would be to run a cron script every hour (you can use Crowd REST API for this)
LDAP directories usually provide the required feature. For instance in Red Hat Directory Server, you will need to configure an account lockout policy and set the lockout duration. Active Directory also has an account lockout duration parameter in its Account Lockout Settings.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.