What's the User Lockout Policy?
Question: What is Access Server's user account lockout policy?
Answer:
Access Server locks out users when they enter a wrong password three times consecutively within 15 minutes. The lockout expires after 15 minutes.
As a security precaution, Access Server automatically locks out user accounts after repeated failed authentications. When this lockout is triggered on an account, the user receives a message like "LOCKOUT" or "temporarily locked out due to multiple authentication failures" when trying to sign in. This prevents brute-force guessing the password by endlessly trying different passwords.
Exceptions to the lockout policy include user-locked connection profile authentications and bootstrap accounts. Access Server requires authentication with valid credentials to obtain a user-locked connection profile; bootstrap accounts can only bypass the lockout policy on Access Server 2.9 and older.
If you don't want to wait 15 minutes, you can modify the default lockout settings or manually lift the lockout.
Refer to our lockout policy documentation for more.