This documentation is in progress and includes all updates released after Identity Server 5.4.1. For documentation specific to a version, see About This Release.
User Account Locking and Account Disabling - WSO2 Identity Server 5.x.x - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

Account locking and account disabling are security features in WSO2 Identity Server (IS) that can be used to prevent users from logging in to their account and from authenticating themselves using their WSO2 IS account. The account locking feature is used to temporarily block a user from logging in, for example, in instances where there have been many consecutive, unsuccessful login attempts. Account disabling is a more of a long-term security measure, which disables the account for a significant amount of time. 

The following pages describe various ways the account can be locked and disabled:

Related Topics
  • See  Enable last login and last password modified timestamps for more information on how to customize a user's profile to enable viewing of timestamps for the last time the user logged in and last time the user modified the password.
  • By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the identity.xml file. See Configuring Claims for more information on how to store the claim values in the user store.
  • No labels