Specify lockout for failed login attempts
-
- UpdatedAug 1, 2024
- 2 minutes to read
- Xanadu
- Password Reset Application
The system provides inactive script actions that enable you to specify the number of failed login attempts before a user account is locked and to reset the count after a successful login.
Before you begin
Procedure
To learn more about properties that affect failed login attempts, see Managing failed login attempts (instance security hardening) in the Instance Security Hardening Settings.
| Script action | Description |
|---|---|
| SNC User Lockout Check with Auto Unlock |
|
| SNC User Lockout Check | Tracks the number of failed login attempts and locks the user account after a specified number of failed login attempts (default: 5). |
| SNC User Clear | Updates the user record after a successful login: Resets the number of failed login attempts and updates the date of the last login. |
What to do next
Each time a user attempts to log in, the action is recorded in an event log. You can view a log of failed login attempts.
- Navigate to .
- Filter for login.failed in the Name field. You can view the attempted login name, date, and IP address logged for the attempt.
Related Content
- Configure password expiration reminder
You can configure the password reset expiration reminder feature to send notifications to change or reset a user’s password whenever it is going to expire.
- Credential stores for Password Reset
Credential stores hold user information such as user names and passwords that can be used as login credentials. Examples include the User table [sys_user] or an Active Directory server.
- Password Reset verifications
Each verification specifies the method and process for verifying the identity of the user that is requesting a password reset.
- Configure your Password Reset process to auto-enroll users
To simplify management, many organizations auto-enroll users in the Password Reset program. Every base-system verification type enables you to specify automatic enrollment for your process.
- Enable users to enroll for Password Reset
To enable users to enroll for the Password Reset program, you specify a UI macro that takes the user through the enrollment process and a script that processes the enrollment data that the user entered. The base system includes a functioning macro and script.
- Configuring Password Reset properties
You can specify properties that configure the Password Reset experience for end users.
- Send email to remind users to enroll for Password Reset
You can automatically send messages that remind users to enrolled in the Password Reset process. You specify the text of the message and can configure the messages to repeat at intervals.
- Configure the required strength for passwords
The password that a user defines must meet certain requirements — for example, it must contain at least 12 characters, it must include a numeral, and so on. You can configure the requirements as needed for your organization.
- Configure Google reCAPTCHA for the password reset process
To use the Google reCAPTCHA service, instances that are running on a domain other than service-now.com require an API key pair from Google.