This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMS - lock user's access to the product after 3 invalid attempts

We have a mixture of Questions and Answers users and SMS (mobile authenticator) users. For our Q&A users, they have 3 attempts at correctly answering their questions before they are locked out from using the software (it does not lock their AD account) which sounds like a great idea.

However, I have yet to find a way to implement the same 'lock out' policy for SMS based users.

Does anyone know how to configure this?

  • Hi Christian,

    I’ve just done some testing and we can’t apply a lockout policy directly to a user if he enters the pin incorrectly a number of times.
    However there is a workaround that can be applied.
    If you structure the workflow so that the user is required to answer a single question before being prompted for a pin code and if they fail to enter the pin code correctly 3 times they will get locked out.

     

    In my lab I included the answer with the question.

    Anybody can answer the question but if the pin is entered incorrectly 3 times then the Q&A is locked out and because it is wrapped around the Phone Verification then that becomes inaccessible until the Q&A profile is unlocked.

     

    Regards,

     

    Jim C.

  • Hi Jim

    We have two separate policies, scoped to two separate AD groups. We have Q&A users and SMS users. We are encouring our users to opt in for SMS as they are likely to forget these and end up having to call our helpdesk anyway.

    Is there any other solution, or is it possible to submit a feature request?

    Regards
    Christian
  • Hi Christian,

    I'll open up an SR on your behalf and have it submitted through that SR as a feature request.

    Regards,
    Jim