<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Behavior of "Show lock out failures" Property in Password Policy

Okta Classic Engine
Okta Identity Engine
Administration

Overview

This document discusses what happens when the "Show lock out failures" property is used in a password policy.

Applies To

  • Password Policy property behaviour
  • Locked out user due to the Password Policy

Solution

The intended behaviour for the "Show lock out failures" property is to show the user that their account was locked due to exceeding the allowed number of sign-in attempts. The user will be presented with the "Unlock Account screen", where all the options available to unlock the account are listed. 

  • Without this property, the user will not be notified that the account was blocked. 
  • The user will not be notified of how many sing-in attempts are left, regardless of the enablement of this property.
"Show lock out failures" is disabled"Show lock out failures" is enabled
The user will see the Sign In screen, regardless of how many times it tries to log in. The user will not be notified that its account was blocked.   When the number of allowed login attempts is overpassed, the user will see the below screen (Unlock Account screen). The user will know that the account is now locked and will be presented with the options available to unlock it.
Sign In ScreenSign In Screen


 

Related References

 
Loading
Okta Support - Behavior of "Show lock out failures" Property in Password Policy