Account Lockout

To protect the eG Enterprise system from misuse by malicious users, the eG manager automatically locks out a user if he/she consistently fails to log in to the eG management console. Using the Account Lockout feature of eG Enterprise, you can set when the lockout should occur and how long a user should remain locked out, and you can even disable the locking capability.

To configure this feature, follow the Admin -> Settings -> Manager menu sequence, expand the Account Security node in the manager settings tree structure that appears, and select the Account Lockout sub-node within. An Account Lockout section will then appear in the right panel (see Figure 1).

Figure 1 : Defining Account Lockout Policies

Here, specify the following:

  • First, choose the type of error message that you want the eG manager to display if a user login fails. If you want the message to clearly indicate the reason for the failure, then set the Message type flag to Specific. This is useful if you want to troubleshoot the login failure (see Figure 2).

    Figure 2 : A sample login screen with a specific error message

    High-security environments, on the other hand, may want to be discreet about why a user login was unsuccessful, so as to discourage attempts by unscrupulous users to gain access through devious means. In such a case, it's best that the Message type flag is set to Generic. When a user login fails, the eG manager will then provide only a general failure message, with no specific pointers to why it failed (see Figure 3).

    Figure 3 : A sample login screen with a generic error message

  • By default, account locking is enabled for the eG Enterprise system. This is why the Enable account lockout? flag is set to Yes by default. If you want to disable this capability, set this flag to No. If this is done, then a user can try to log in to the eG management console any number of times, without consequence.
  • If the account lockout feature is enabled for an eG manager (i.e., if the Enable account lockout? flag is set to Yes), then the following settings become applicable:

    • Specify the number of unsuccessful login attempts beyond which a user account (registered with eG) will be locked. Specify this number against the Allowed login failure attempts text box. By default, the value 3 will be displayed here, indicating that a user account will be locked as soon as that user’s third consecutive login attempt fails.
    • Mention what the Lockout strategy is. A locked user account can be unlocked/released in one of the following ways:

      • You can select Time as the lockout strategy and, in the Time period text box, set the time duration (in minutes) beyond which a locked user account will be automatically released.
      • You can set Reset as the lockout strategy if you want a locked account to be released only by an Admin user. In this case, the Admin user will have to log in to the eG administrative interface, access the locked accounts page (by selecting the Locked Accounts menu option from the User Management tile), and unlock chosen user accounts.

        Note:

        • If you select Time as the Lockout strategy, then a user whose account is locked can either wait for the time specified in Figure 1 for an automatic release or request an Admin user’s intervention to unlock his/her account. However, if Reset is the Lockout strategy, then a user can have his/her account released only by contacting the Admin user.
        • The Lockout strategy set does not apply to users with Admin privileges to the eG Enterprise system. If an Admin user’s account gets locked, it will automatically unlock in 1 minute, thus enabling that user to try to log in again.

    • Finally, click the Update button.
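
The settings above interact in ways that are easy to miss: what a Generic message conceals, which release paths exist under each strategy, and the Admin exception. The Python model below is an added illustration, not eG Enterprise code; its class and function names, message strings and the 30-minute Time period are constructed, and it assumes that a successful login or an unlock resets the failure count.

```python
from dataclasses import dataclass

ADMIN_HOLD_S = 60  # per the page: a locked Admin account unlocks in 1 minute

@dataclass
class Policy:                      # each comment names the UI field modelled
    enabled: bool = True           # Enable account lockout?
    allowed_failures: int = 3      # Allowed login failure attempts
    strategy: str = "Time"         # Lockout strategy: "Time" or "Reset"
    time_period_min: int = 30      # Time period (30 is a constructed value)
    message_type: str = "Generic"  # Message type: "Specific" or "Generic"

@dataclass
class Account:
    is_admin: bool = False
    failures: int = 0                  # consecutive failed logins
    locked_at: "float | None" = None   # lock time in seconds, None if unlocked

class LockoutModel:
    def __init__(self, policy, accounts):
        self.policy, self.accounts = policy, accounts

    def _msg(self, reason):  # Generic hides the reason, even that the account is locked
        return reason if self.policy.message_type == "Specific" else "login failed"

    def unlock(self, user):  # release by an Admin user; valid under both strategies
        acct = self.accounts[user]
        acct.locked_at, acct.failures = None, 0

    def _hold(self, acct):   # seconds until automatic release, None if never
        if acct.is_admin:
            return ADMIN_HOLD_S  # the strategy does not apply to Admin users
        return self.policy.time_period_min * 60 if self.policy.strategy == "Time" else None

    def login(self, user, password_ok, now):
        acct = self.accounts[user]
        hold = self._hold(acct)
        if acct.locked_at is not None and hold is not None and now - acct.locked_at >= hold:
            self.unlock(user)
        if acct.locked_at is not None:
            return self._msg("account locked")
        if password_ok:
            acct.failures = 0  # assumption: a success resets the consecutive count
            return "ok"
        acct.failures += 1
        if self.policy.enabled and acct.failures >= self.policy.allowed_failures:
            acct.locked_at = now
            return self._msg("account locked")
        return self._msg("invalid credentials")
```

Under Reset with Generic messages, a locked-out user who later enters the correct password sees the same text as for a wrong password, so the help desk needs the Locked Accounts page to tell the two cases apart.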