How are Empower login and password settings controlled for login attempts, LDAP, and reset timer? - WKB95834

ENVIRONMENT

• Empower 3

ANSWER

The number of attempts can be changed, but once the account is locked (disabled) only an admin can unlock it. There is no option to self unlock based on time.

Exception - When users and passwords are controlled by LDAP, LDAP rules apply.

ADDITIONAL INFORMATION

• In the Empower System Policies, LDAP section, the credentials used to allow Empower access to the LDAP environment are stored in the Oracle database. They are not in an accessible file.
• The user account is disabled if the failed attempt counter is reached across any/all locked active session windows.
• The system policy Applications Timeout after x minutes must be enabled (this will lock windows after the set time, requiring authentication to unlock).
• Entering the correct password in any active window after a number of incorrect entries (not exceeding the failed attempts setting) will reset the counter.
• The counter of failed attempts will apply to each password dialog within an active session window. This applies when the confirm identity required is enabled; it is expected behaviour.

Example - if you change system configuration and try two wrong passwords and then try to enter DHCP, you can enter two wrong passwords without being locked out.

Example - Attempt to create a new user with two incorrect passwords. Then move to create a new user type where you can enter two incorrect passwords.

However, if the failed attempts threshold is exceeded in any of the authenticate dialogs within a window/session, the user account is locked and authentication is not possible in any other dialog.