Is there a way to report on users that have been locked out due to too many failed login attempts?

Russ Hancock · ‎01-18-2017

I am trying to determine if there is a way to either report on (or trigger an Email notification for) users that have failed to log in a set number of times, and are thus locked out.

darius_koohmare · ‎01-18-2017

Sure thing Russell. Create an email notification on the User table whenever 'locked out' 'changes to' 'true'. You can email the users manager, the users email on their account, etc.

There are system properties that control the # of failed attempts for lockout, found here: Specify lockout for failed login attempts

View solution in original post

darius_koohmare · ‎01-18-2017

Sure thing Russell. Create an email notification on the User table whenever 'locked out' 'changes to' 'true'. You can email the users manager, the users email on their account, etc.

There are system properties that control the # of failed attempts for lockout, found here: Specify lockout for failed login attempts

Russ Hancock · ‎01-18-2017

Thanks Darius! That should definitely do what I want to accomplish. I was hoping there is an Event Log entry that is generated like there is for the individual failed login attempts ("login.failed"), but I'm guessing that isn't the case for users that are actually locked out as a result of a set number of failed logins... correct?

darius_koohmare · ‎01-18-2017

The logs do show all invalid login attempts: View the log of failed login attempts

Russ Hancock · ‎01-18-2017

Thanks Darius! Yes, I was aware of the "login.failed" Event log, but I don't see anything for users that are locked out.