User lockout

You can set some parameters of the user lockout functionality in Business Center. The following are the parameters related to user lockout:

Parameter Comment Initial Value
MaxFailedLoginAttemtps Must be an integer. Controls the number of failed login attempts a user can make before the account gets locked. 5
LockoutDuration Must be an integer. Controls the duration in minutes for an account to be locked. 30

The LockoutDuration parameter does not affect a forced user lockout.

Configuring lockout duration

To configure the number of minutes before unlocking a user, perform the following steps in the Business Center:

  1. Log on to the Business Center as a merchant administrator.

  2. Click the Application Setup > Application Details link in the navigator.

  3. Search for the parameter LockoutDuration under the User Account group and set appropriate value. The value is equivalent to minutes.

  4. Click Save.

Configuring login attempts

To specify the maximum number of failed attempts before a user account is locked, perform the following steps in the Business Center:

  1. Log on to the Business Center as a merchant administrator.

  2. Click the Application Setup > Application Details link in the navigator.

  3. Search for the parameter MaxFailedLoginAttempts under the User Account group and set the value.

  4. Click Save.

Force Locking or Unlocking a User Account

When a user account gets locked, the lock state will last for a specified number of minutes. After the time limit expires, the account is automatically unlocked again and the user can login as normal.

You can also force a user lockout. When a user account is forcibly locked, it cannot be unlocked unless you unlock it. The LockoutDuration parameter you set does not apply on a forcibly locked account.

Perform the following steps in the Business Center to forcibly lock a user account, remove the forced lockout, or unlock an account that was locked because of many failed login attempts (while the lockout duration has not lapsed yet):

  1. Log on to the Business Center as a merchant administrator.

  2. Click the Users link in the navigator.

  3. Select a user account.

  4. On the Account Status field, select Force Lock or Unlock.

  5. Click Save.

Note: You cannot perform this procedure on a guest user account.