To help protect your user accounts from unauthorised access, you can configure SuperADMIN to lock the account if the wrong password is entered more than a certain number of times.
Configure Account Lock Settings
Use the account command to configure the settings for account locking. You can choose:
- How many times the wrong password can be entered before the account will be locked.
- What happens if an account does become locked: you can either set the account to automatically unlock again after a certain period of time, or you can specify that accounts never become unlocked automatically (in this case an administrator will have to manually unlock the account).
Use the following commands to configure the account lock settings:
account maxattempts <value>
Sets the default number of failed login attempts before an account will be locked. This will be the default setting and will apply to all users unless a different setting has been specifically applied to an individual user account.
account <id> maxattempts <value>
Sets the maximum number of failed login attempts before an account will be locked. This is the same as the previous command, except that it applies to a specific user account only.
account locktime <seconds>
Sets the number of seconds to lock an account once the user has exceeded the maximum failed login attempts. During this time the user will not be able to log in even if they specify the correct credentials.
For example, if
If you set
account <id> locktime <seconds>
Sets the number of seconds to lock an account. This is the same as the previous command, except that it applies to a specific user account only.
Check if an Account is Locked
To check if an account is locked, open accountCatalog.xml in a text editor and search for the record relating to the user's account. This file is updated every time a user attempts to log in to the SuperADMIN console or one of the clients. By default, it is located in C:\ProgramData\STR\SuperADMIN\server\data\.repository\
In this example the user's account is locked (
This file also tells us what authentication service the account is using (in this case it is STRLocal, the internal authentication service). To unlock this account in SuperADMIN you must log in as an administrator from the same authentication service as the locked account. This is particularly important if you are using an external authentication service such as LDAP or Active Directory. See the section below for more details.
Unlock an Account
If an account becomes locked, you can manually unlock it using the following command (replace <id> with the ID of the locked user account):
Important Note if using an External Authentication Service
When managing user accounts, you must ensure you log in to SuperADMIN using an administrator account that belongs to the same authentication service as the user you want to manage.
For example, if you have a user with a locked account, and that user is defined in Active Directory, then you must log in to SuperADMIN using an administrator account that belongs to the same Active Directory authentication service as the locked user.
You can check what authentication service the locked account uses by looking at the record in accountCatalog.xml.
In this example the locked user's account is authenticated through Active Directory. To unlock this account you must log in using an administrator account from the same Active Directory authentication service.