Enabling automatic password unlocking

When your BMC Helix Innovation Suite account is locked due to failed password attempts, the account is automatically unlocked after the specified time interval. You need not contact an administrator to unlock the account.

By using the Centralized Configuration, administrators can set the number of incorrect password attempts and the time interval after which the account is automatically unlocked.

Enabling automatic password unlocking helps you maintain secure access to your environment, slows down brute-force attacks, and offers a better user experience, because a locked-out user does not have to wait for an administrator.

The account lockout and automatic unlock features apply only to internal users authenticated through AR System Authentication. For environments using Remedy Single Sign-On (RSSO) with an external Identity Provider (IdP), such as Azure AD, LDAP, or SAML, the account lockout and unlock settings must be managed within the IdP.


Example

Allen Allbrook, an administrator at Apex Global, configures automatic password unlocking for internal users authenticated through AR System Authentication.
Allen sets the value of the Max-Password-Attempts setting to 3, meaning a user account is locked after three incorrect password entries. He also sets Max-Unlock-Attempts to 3, allowing the system to automatically unlock the account up to three times after the specified unlock time interval. The unlock time interval is defined by the Auto-Time-To-Unlock setting in the Centralized Configuration, which Allen sets to 600 seconds.


To enable automatic password unlocking for a BMC Helix Innovation Suite account

To enable automatic password unlocking, administrators use the following settings in the Centralized Configuration:

Setting name             Default value    Description
Max-Password-Attempts    3                Number of incorrect password attempts before the account is locked.
Max-Unlock-Attempts      5                Number of times the account is automatically unlocked before an administrator must unlock it.
Auto-Time-To-Unlock      600 seconds      Base time interval after which the account is automatically unlocked. The delay grows with each successive lockout (see below).

Consider the following points when you enable automatic password unlocking:

  • The time interval for automatic account unlocking increases in multiples of the initial value set in the Auto-Time-To-Unlock setting. This progressive delay helps defend against brute-force attacks by slowing down repeated login attempts.
    For example, consider the following configuration:

    Auto-Time-To-Unlock = 600 seconds
    Max-Unlock-Attempts = 3
    Max-Password-Attempts = 3 (must be set for automatic unlocking to work)

    You have 3 chances to log in. If all three attempts have incorrect passwords, your account is locked. After the first lockout, the account automatically unlocks after 600 seconds. If you enter incorrect credentials again and trigger a second lockout, the account unlocks after 1200 seconds (600 × 2). On a third lockout, the unlock time increases to 1800 seconds (600 × 3).

  • If you exceed the value set for the Max-Unlock-Attempts setting, your account is locked and is not unlocked automatically. You must contact your administrator to unlock the account. Because anyone who knows a user name can trigger lockouts by entering wrong passwords, choose Max-Unlock-Attempts high enough that this does not routinely turn into a request to an administrator.
  • If the administrator changes the value of the Max-Unlock-Attempts setting while the system is in use, the new value takes effect immediately for subsequent lockouts.
    For example, if you lower the value of the Max-Unlock-Attempts setting from 5 to 3, an account's fourth lockout is no longer unlocked automatically and must be cleared by an administrator.
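The following simulation is an added example, written for this page and not code from BMC or a description of how the AR System server implements the feature. It models the three settings and the progressive schedule described in the points above so that you can check a proposed configuration before applying it. The names Settings, Account, login and simulate_lockouts are the example's own, and it assumes that the n-th lockout clears after Auto-Time-To-Unlock × n seconds, that the lockout after Max-Unlock-Attempts is cleared only by an administrator, and that a successful login resets the failed-attempt counter but not the lockout count.

```python
"""Simulation of account lockout with progressive automatic unlocking.

Added example, not BMC code.  Assumptions: the n-th lockout clears after
Auto-Time-To-Unlock * n seconds; the (Max-Unlock-Attempts + 1)-th lockout is
never cleared automatically; a successful login resets the failed-attempt
counter but not the lockout count, which only an administrator unlock resets.
"""
import math
from dataclasses import dataclass


@dataclass
class Settings:
    """The three Centralized Configuration settings (defaults from the table above)."""
    max_password_attempts: int = 3    # Max-Password-Attempts
    max_unlock_attempts: int = 5      # Max-Unlock-Attempts
    auto_time_to_unlock: int = 600    # Auto-Time-To-Unlock, in seconds


@dataclass
class Account:
    password: str                     # constructed test credential, not a real one
    failed_attempts: int = 0          # wrong passwords since the last lock or reset
    lockouts: int = 0                 # lockouts since the last administrator unlock
    locked_until: float = 0.0         # seconds; math.inf = administrator unlock required


OK, BAD_PASSWORD, LOCKED, ADMIN_REQUIRED = "ok", "bad_password", "locked", "admin_unlock_required"


def unlock_delay(settings, lockout_number):
    """Seconds until the lockout_number-th lockout clears: 600, 1200, 1800, ... (assumed linear)."""
    return settings.auto_time_to_unlock * lockout_number


def login(settings, account, password, now):
    """Process one login attempt at time `now` (seconds) and return the outcome."""
    if account.locked_until == math.inf:
        return ADMIN_REQUIRED                 # Max-Unlock-Attempts was exceeded earlier
    if now < account.locked_until:
        return LOCKED                         # still inside the automatic-unlock delay
    if password == account.password:
        account.failed_attempts = 0
        return OK
    account.failed_attempts += 1
    if account.failed_attempts < settings.max_password_attempts:
        return BAD_PASSWORD
    # Threshold reached: lock the account.  Settings are read at this moment,
    # so an administrator's change to Max-Unlock-Attempts applies immediately.
    account.failed_attempts = 0
    account.lockouts += 1
    if account.lockouts > settings.max_unlock_attempts:
        account.locked_until = math.inf       # terminal lock: administrator needed
        return ADMIN_REQUIRED
    account.locked_until = now + unlock_delay(settings, account.lockouts)
    return LOCKED


def admin_unlock(account):
    """Manual unlock by an administrator: clears the counters and any terminal lock."""
    account.failed_attempts = 0
    account.lockouts = 0
    account.locked_until = 0.0


def simulate_lockouts(settings, rounds, password="correct-horse"):
    """Enter Max-Password-Attempts wrong passwords per round, wait out each lock,
    and return one (round, outcome, delay_seconds) tuple per round."""
    account = Account(password=password)
    now = 0.0
    timeline = []
    for n in range(1, rounds + 1):
        for _ in range(settings.max_password_attempts):
            outcome = login(settings, account, "wrong-password", now)
        delay = None if account.locked_until == math.inf else account.locked_until - now
        timeline.append((n, outcome, delay))
        now = account.locked_until            # jump ahead to the automatic unlock
    return timeline


if __name__ == "__main__":
    # Allen's configuration from the example above: 3 attempts, 3 unlocks, 600 s.
    allen = Settings(max_password_attempts=3, max_unlock_attempts=3, auto_time_to_unlock=600)
    for row in simulate_lockouts(allen, rounds=4):
        print(row)
```

Running the block with Allen's configuration prints lockouts at 600, 1200 and 1800 seconds followed by a fourth lockout that reports admin_unlock_required, which is the behaviour described above. Changing settings.max_unlock_attempts between rounds shows that the new value is honoured at the next lockout.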


To track user account activity

Incorrect password attempts and the resulting lockouts are recorded in the AR System escalation logs stored in the db folder. Review these logs to confirm that the configured thresholds are being applied and to spot repeated lockouts against one account.

The following screenshot shows the escalation logs:

[Screenshot: user_account_unlock.png]


BMC Helix Innovation Suite 25.3