<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009hcKTFCA2Okta Classic EngineInsights and ReportingAnswered2025-09-28T09:00:45.000Z2023-10-11T16:03:39.000Z2023-10-13T12:21:38.000Z

lx1mf (lx1mf) asked a question.

Edited October 11, 2023 at 4:07 PM
Event outcome result consistency for user.account.lock events

Hi, sorry if this was asked before;

 

I was wondering what is the reasoning behind the outcome.result given in the two possible user.account.lock events. It seems like the user.account.lock events returns an outcome.result FAILURE, which is to be expected, but the user.account.lock.limit returns an outcome.result SUCCESS when it triggers in our systems.

 

If this is expected behavior, could you please explain the reasoning behind the distinct outcome results? I would expect that a user action (such as locking their account by attaining the limit) also be considered a FAILURE.

 

Image is not available
 

 

  • 4 answers
  • 938 views
User16594883467582706479, lx1mf, and GuilhermeR.81656 like this.

  • a0n5s (a0n5s)

    @lx1mf (lx1mf)​ 

    could you check this document:

    https://developer.okta.com/docs/reference/api/event-types/#catalog

     

    user.account.lock

    Auto-lock user account for Okta.

     

    user.account.lock.limit

    This event is fired when a user account has reached the lockout limit. The account will not auto-unlock and a user or client cannot gain access to the account. This event indicates an account that will not be able to log in until remedial action is taken by the account admin. This event can be used to understand the specifics of an account lockout. Often this indicates a client application that is repeatedly attempting to authenticate with invalid credentials such as an old password.

    Expand Post

  • lx1mf (lx1mf)

    Hi @a0n5s (a0n5s)​ , yes I have read the catalog and the event definition.

     

    The catalog is fairly brief in describing events in themselves, there is no example event output from which to get information to corroborate.

     

    Can you explain why an event that is 'indicating an account that will not be able to log in until remedial action is taken by the account admin' is triggered as outcome.result SUCCESS ? (see image provided in my initial comment)

    Expand Post

  • a0n5s (a0n5s)

    Hi @lx1mf (lx1mf)​ Sorry, I search user.account.lock.limit in our test environment, I can't find any log. maybe you can create case with support and let they clarify.

     

    • lx1mf (lx1mf)

      No worries. If you didn't know you can simulate this event yourself by locking an account multiple times in succession. The user 'flow' I've seen for this to occur involves the auto-unlock mechanism that happens after an account is locked for invalid attempts.

       

      Flow:

       

      User Locks Account ==> User does not unlock himself, abandons logging in ==> Okta auto-unlocks account after a set period (10min, also a config I think). (==> Flow restarts)

       

       

      If you repeat this flow, after 5 times (or so) you will trigger the user.account.lock.limit event, which from my understanding serves as a distinct lock event indicating there will no longer be any auto-unlocking done by Okta, only via manual admin intervention.

      Expand Post
This question is closed.
Loading
Event outcome result consistency for user.account.lock events