InfinityOne tracks the number of consecutive attempts to log in to an account using an invalid password and will lock the account to prevent brute force attacks. Remind users that they should reset their password using the built-in Forgot your password? mechanism prior to the fifth attempt.
NOTE
The only way to unlock the account is using an administration account. For this reason, E-MetroTel strongly recommends creating a minimum of 2 administrator accounts so that if one administrator account is locked out because of too many failed attempts, the other one can unlock it.
Account Lockout
After 5 consecutive invalid password entries have been entered by a user during the login procedure, the users’ account will automatically be locked and will require an administrator to unlock it.- The account will be locked for all new attempts to log in regardless of the user interface (desktop, browser, mobile).
- Users already logged in on another interface will be able to continue working and can even change the password, but cannot unlock the account access without the support of an administrator.
- If they log out of their account from that interface, they will not be able to re-login until the account has been unlocked.
OR
Unlocking the account
- Login to InfinityOne with an Administrator account.
- Navigate to Administration –> Users and select the row containing the locked account.
- Click on the Unlock button.
- The system will provide a toaster notification that the account has been unlocked.