Hello Jira Community,
I am new to the board and my organization uses SSO and Two-Factor authentication to access Jira Service Management(JSM). Please kindly advise of the below questions:
1. For users that get locked out of their account due to failed attempts, does Jira inform the users that their accounts have been locked out? We'd like to simplify our helpdesk interactions and reduce user frustration should their account meet the threshold for lockouts.
2. What security mechanism does JSM employ in instances of lockouts?
A) Do account lockouts consider brute-force attacks(i.e. lots of usernames with a few passwords)?
B) Do account lockouts prompts leak or provide the validity of the usernames? We're hoping that usernames are not validated on the frontend.
Thank you.