Configure your lockout policy

With the Lockout policy, you can block users who consecutively failed to log in a defined number of times.
To define your lockout policy, configure the following settings:

  • In Max Attempts, accept the default number of 3 allowed login attempts or enter another value.

    If the user exceeds this number, their account is automatically locked-out.

  • In Lockout Duration, accept the default Never Unlock setting or enter another value that defines how long the locked-out user account should remain blocked.

    You can select Never Unlock if you want the user account to remain locked-out. If this setting is selected, the locked-out user won't be able to log in and will have to contact the IT department to request their account to be unlocked.


The following lockout values are applied by default:

Max attempts: 3
Lockout duration: Never Unlock

If you disable the lockout subpolicy, your custom policy inherits and applies lockout settings from your global policy. If you disable the lockout subpolicy in your global policy, the default values listed above are in effect.

How to

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.

  2. On the Policies page, navigate to the policy that you want to edit and click the policy's name to display its settings.
    The policy configuration page displays.

  3. In the sidebar menu, select Lockout to enable the edition of these settings.

  4. In the Lockout area, accept the default number of Max Attempts and time of the Lockout Duration, or provide other values.

  5. Click Save & Deploy.

    This overwrites and saves your newly added lockout configuration.