Configuring Account Locking Settings

For security purposes, it is important to lock a user account when the user fails to provide the correct password after a specified number of failed login attempts to API Gateway. A locked user account remains locked for a specific period of time, after which the account gets unlocked. API Gateway allows administrators to configure the account locking settings for administrator and non-administrator users. You can set the values for number of attempts by a user before locking the account and also the duration of the lock interval.

Field	Description
Enabled	Specifies whether to enable the account locking settings. This option is disabled by default. Select Enabled to enable the account locking settings.
Maximum login attempts	Specifies the number of attempts in the specified time interval (minutes, hours, or days) to provide the correct password before locking the account. The default value is None.
Lockout duration	Specifies the duration (minutes, hours, or days) for which the account remains locked. The default value is None.
Apply account locking policy to	Specifies the list of users to whom the account locking settings apply. Specify one of the following: All users. Indicates the account locking rules apply to all user accounts. All users except predefined users. Indicates that account locking rules apply to all user accounts except the predefined user accounts (Administrator).