The rate limiting policy locks out a user when an invalid or incorrect Soft PIN is entered 3 times consecutively within a span of 24 hours.

Rate limiting policy

Rate limiting policy is enabled by default for SMS for better security. To configure it, navigate to All, and then enter sys_cs_provider.list in the filter. Open the SMS record, and configure the following properties on the Provider Properties tab.

  • softpin_lockout_enabled: Enables Soft PIN lockout functionality. The default value is true.
  • softpin_max_invalid_attempts_interval_hrs: The window, in hours, within which users can make the maximum number of Soft PIN attempts.
    Note: The maximum window is 24 hours.
  • softpin_max_retry_attempts: Number of incorrect Soft PIN attempts after which the user account is locked out.
    Note: The maximum number of attempts is 3.

    If your account is locked, you are treated as a guest user when you start a new conversation. The bot confirms that your account is locked. You are then offered the public topics, and you can unlock the account by using the Setup/Reset Verification Profile Virtual Agent topic to reset the Soft PIN and Google Authenticator.

The Provider Properties tab lists entries for each of these parameters, including the value and description.
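
The lockout rule that these three properties describe can be modelled as shown here. This is an added illustration, not ServiceNow code: the function name, the attempt-record format, and the assumption that a correct PIN resets the consecutive count are hypothetical, and the sample attempts are constructed.

```python
from datetime import datetime, timedelta

# Upper bounds stated in the notes on this page.
MAX_WINDOW_HRS = 24
MAX_ATTEMPTS = 3

# Property names are the ones listed on the Provider Properties tab.
PROPS = {
    "softpin_lockout_enabled": True,
    "softpin_max_invalid_attempts_interval_hrs": 24,
    "softpin_max_retry_attempts": 3,
}

def triggers_lockout(attempts, now, props):
    """attempts: list of (timestamp, pin_ok) tuples, oldest first.

    Returns True when the number of consecutive invalid Soft PIN entries
    inside the configured window reaches the configured maximum.
    """
    if not props.get("softpin_lockout_enabled", True):
        return False
    hours = min(props["softpin_max_invalid_attempts_interval_hrs"], MAX_WINDOW_HRS)
    limit = min(props["softpin_max_retry_attempts"], MAX_ATTEMPTS)
    window = timedelta(hours=hours)
    streak = 0
    for ts, pin_ok in attempts:
        if now - ts > window:
            continue  # older than the window: not counted
        # Assumption: a correct PIN resets the consecutive-failure streak.
        streak = 0 if pin_ok else streak + 1
        if streak >= limit:
            return True
    return False

# Constructed sample histories, all relative to NOW.
NOW = datetime(2024, 1, 2, 12, 0)
def h(n):
    return NOW - timedelta(hours=n)

THREE_BAD = [(h(3), False), (h(2), False), (h(1), False)]
RESET_BY_GOOD = [(h(4), False), (h(3), False), (h(2), True), (h(1), False)]
ONE_OUTSIDE_WINDOW = [(h(30), False), (h(2), False), (h(1), False)]

if __name__ == "__main__":
    for name in ("THREE_BAD", "RESET_BY_GOOD", "ONE_OUTSIDE_WINDOW"):
        print(name, triggers_lockout(globals()[name], NOW, PROPS))
```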