Software AG Products 10.11 | Using API Gateway | User Management | Manage Users, Groups, and Teams | Configuring Account Locking Settings
 
Configuring Account Locking Settings
For security purposes, it is important to lock an user account when the user fails to provide the correct password after a specified number of failed login attempts to API Gateway. A locked user account remains locked for a specific period of time, after which the account gets unlocked. API Gateway allows administrators to configure the account locking settings for administrator and non-administrator users. You can set the values for number of attempts by a user before locking the account and also the duration of the lock interval.
*To configure account locking settings
1. Expand the menu options icon , in the title bar, and select User management.
2. Click Account settings > Account locking settings.
3. Provide the following information to configure the required account locking settings.
Field
Description
Enabled
Specifies whether to enable the account locking settings.
This option is disabled by default. Select Enabled to enable the account locking settings.
Maximum login attempts
Specifies the number of attempts in the specified time interval (minutes, hours, or days) to provide the correct password before locking the account.
The default value is None.
Lockout duration
Specifies the duration (minutes, hours, or days) for which the account remains locked.
The default value is None.
Apply account locking policy to
Specifies the list of users to whom the account locking settings apply.
Specify one of the following:
*All users. Indicates the account locking rules apply to all user accounts.
*All users except predefined users. Indicates that account locking rules apply to all user accounts except the predefined user accounts (Administrator).
4. Click Save.