<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Is There a Permanent Lockout for Accounts that have Been Locked 10 Times in a Row
Nov 29, 2023
Okta Identity Engine
Administration
Overview
As stipulated in the Password Policies article, in the event that a user attempts to enter their password 10 times consecutively, Okta will impose a lockout, provided that the default duration for the Password Policy remains unchanged. Moreover, if the users are AD sourced, the lockout may propagate to AD, rendering the user locked on the AD side, for which no action can be taken from the Okta side.
Applies To
  • Password Policies
  • User Lockouts
  • Self Service reset
Solution

In Okta, a permanent lockout by entering the password a certain number of times does not exist. The length of a user's lockout is established based on the password policy and can be set up to a maximum of 9999 minutes. Once an administrator has cleared a user's locked-out status or it has expired, their incorrect password counter will reset, and the user can log in normally. There is no predetermined number of lockouts that result in permanent lockout; however, entering the recovery factors wrongly multiple times in a row(usually 5) can set the user's account to a suspended state, needing the reactivation from an admin via the Okta admin dashboard.


Related References

Recommended content

Still looking for help?
Loading
Is There a Permanent Lockout for Accounts that have Been Locked 10 Times in a Row