Skip to main content

Authentication Failure Lockout Policy

Configure the lockout policy

You can configure the lockout policy from the Admin Web UI or the command-line interface.

Important

If you’re using an external authentication system, that system might have its own lockout policy.

Manually unlock a locked-out user account

If you wish to unlock a locked-out user manually, follow the steps below.

Tip

You can't unlock a single, specific user. The steps below allow you to set the automatic lockout reset period to one second and then revert it back to the default value.

Manually unlock a user from the Admin Web UI

  1. Sign in to the Admin Web UI.

  2. Click Authentication.

  3. Under Password lockout policy, take note of your current value for the Lockout release timeout in seconds.

  4. Set the value to 1.

  5. Click Save and Update.

  6. Wait a few seconds and then set the value back to your initial value.

    Tip

    Access Server's default lockout is set to 900 seconds, or 15 minutes.

  7. Click Save and Restart.

    • The locked-out user can sign in again.

Manually unlock a user from the CLI

  1. Connect to your Access Server console and get root privileges.

  2. Run these commands to set the lockout to one second, wait two seconds, and then set it back to the default value of 15 minutes. (If desired, modify the command for your preferred lockout time.)

    sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut
sacli start
sleep 2
sacli --key "vpn.server.lockout_policy.reset_time" --value "900" ConfigPut
sacli start

  3. The locked-out user can sign in again.

In this section: