This documentation supports the 21.3 version of Action Request System.

To view an earlier version, select the version from the Product version menu.

Enabling automatic password unlocking


When your  BMC Helix Innovation Suite  account is locked due to failed password attempts, the account is automatically unlocked after the specified time interval. You need not contact an administrator to unlock the account.

By using the Centralized Configuration, administrators can set the number of incorrect password attempts and the time interval after which the account is automatically unlocked.

Enabling the automatic password unlock feature helps you maintain a safe access to your environment, prevent brute force attacks, and offer a better user experience.


Example

 Allen Allbrook, an administrator at Apex Global sets the value of the Max-Unlock-Attempts setting to 3, allowing users to make three incorrect attempts when entering the password. In this case, the user account is automatically unlocked after the specified time interval.

Allen specifies the time interval by using the Auto-Time-To-Unlock setting in the Centralized Configuration. 


To enable automatic password unlock for BMC Helix Innovation Suite account

To enable automatic password unlocking, administrators use the following settings in the Centralized Configuration:

Setting nameDescription
Max-Unlock-Attempts

Number of times that the account is unlocked automatically.

Default value: 5

Auto-Time-To-Unlock

Time interval after which the account is automatically unlocked.

Default value: 600 seconds

Consider the following points when you enable automatic password unlocking:

  • The time interval for auto unlock increases in multiples of the initial value that you have set for the Auto-Time-To-Unlock setting.
    For example, consider that the value of the Auto-Time-To-Unlock setting is set to 600 seconds and the Max-Unlock-Attempts setting is set to 3. In this case, the account is unlocked automatically if you enter an incorrect password three times. However, 

    • when you enter an incorrect password for the first time, the account is unlocked after 600 seconds. 

    • if you make another attempt of incorrect password, the account is unlocked after (600*2) that is after 1200 seconds. 

    • If you continue to enter incorrect password, the account is unlocked after (600*3) that is after 1800 seconds.

  • If you exceed the value set for the Max-Unlock-Attempts setting, your account gets locked. You must contact your administrator to unlock the account. 
  • During business hours, if the administrator changes the value of the Max-Unlock-Attempts setting, the system honors the current value. 
    For example, if you update the value of the Max-Unlock-Attempts setting to 3 from 5 during business hours, the account gets locked at the fourth incorrect password attempt.


To track user account activity

Track logs of incorrect password attempts through the AR escalation logs stored in the db folder.

The following screenshot shows the escalation logs:

Was this page helpful? Yes No Submitting... Thank you

Comments