I was wondering if there is a build-in function to block an user from logging in for an hour after failing to provide a correct password several times in a row. If not, is this possible to build with a plug-in and could someone provide any directions on how to achieve this?
Thanks in forward!
Well, it depends on your backend directory type.
Internal directories have a Maximum Invalid Password Attempts option but as far as I know there is no way to automatically unlock users after a certain duration. You could actually build a plugin for this, or a simpler option would be to run a cron script every hour (you can use Crowd REST API for this)
LDAP directories usually provide the required feature. For instance in Red Hat Directory Server, you will need to configure an account lockout policy and set the lockout duration. Active Directory also has an account lockout duration parameter in its Account Lockout Settings.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event