The Password Policy provides the option "Account is automatically unlocked after [x] minutes" to automatically unlock a user after a specified period of time. With this option checked, Okta will automatically unlock the account of a user who gets locked out due to too many unsuccessful password attempts (which is determined by the "Lock out user after [x] unsuccessful attempts" option, if it is checked). This, however, has a limit of 10 auto-unlocks without any successful login (any successful password login resets the counter).
- Password Policy
- Auto-Unlock
When a User has been locked out 10 times in a row without a successful login, the account will no longer be automatically unlocked by Okta, and the following System Log Event will be generated: "The user has been locked out 10 times in a row without a successful login. The account will no longer be automatically unlocked by Okta. SUCCESS" These events can be found using the following System Log query:
eventType eq "user.account.lock.limit"
In this scenario, the User can be unlocked by an Admin or by the User through Self-Service Unlock (if permitted by their corresponding Password Policy Rule). There are no other scenarios in which a User will not be auto-unlocked when the Password Policy is set to do so.
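The counter described above can be tracked over exported System Log events to spot accounts that are close to, or already past, the auto-unlock limit. This is an added example, not Okta's own code: the record shape is simplified and constructed, and the use of `user.account.lock` for each lockout, `user.session.start` for a successful login, and `actor.alternateId` for the affected user are assumptions.

```python
from collections import defaultdict

AUTO_UNLOCK_LIMIT = 10              # from the article: 10 lockouts in a row
LIMIT = "user.account.lock.limit"   # event type given in the article
LOCK = "user.account.lock"          # assumption: event logged for each lockout
LOGIN_OK = "user.session.start"     # assumption: stands in for a successful password login


def lockout_streaks(events, warn_at=8):
    """Return {user: {"streak", "status"}} for accounts at or near the limit."""
    streak, limit_hit = defaultdict(int), set()
    for ev in sorted(events, key=lambda e: e["published"]):
        user = ev["actor"]["alternateId"]   # assumption: actor is the affected user
        if ev["eventType"] == LOCK:
            streak[user] += 1
        elif ev["eventType"] == LIMIT:
            limit_hit.add(user)
        elif ev["eventType"] == LOGIN_OK and ev["outcome"]["result"] == "SUCCESS":
            streak[user] = 0                # a successful login resets the counter
            limit_hit.discard(user)
    report = {}
    for user in sorted(set(streak) | limit_hit):
        n = streak[user]
        if user in limit_hit or n >= AUTO_UNLOCK_LIMIT:
            report[user] = {"streak": n, "status": "manual-unlock-required"}
        elif n >= warn_at:
            report[user] = {"streak": n, "status": "near-limit"}
    return report


def _ev(user, minute, event_type, result="SUCCESS"):
    """Build one constructed, simplified System Log record."""
    return {"published": f"2024-01-01T00:{minute:02d}:00.000Z", "eventType": event_type,
            "actor": {"alternateId": user}, "outcome": {"result": result}}


# Constructed sample data, not real log output.
SAMPLE = (
    [_ev("alice@example.com", m, LOCK) for m in range(10)]
    + [_ev("alice@example.com", 10, LIMIT)]
    + [_ev("bob@example.com", m, LOCK) for m in range(8)]
    + [_ev("carol@example.com", m, LOCK) for m in range(9)]
    + [_ev("carol@example.com", 9, LOGIN_OK), _ev("carol@example.com", 10, LOCK)]
)

if __name__ == "__main__":
    for user, info in lockout_streaks(SAMPLE).items():
        print(user, info)
```

An account reported as `near-limit` is still being auto-unlocked; one reported as `manual-unlock-required` needs an Admin or Self-Service Unlock.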
