The WSO2 Identity Server can be configured to automatically unlock a user account after a certain period of time. A user account locked by failed login attempts can be unlocked by setting a lock timeout period.
Authentication.Policy.Account.Lock.Time property in the
<IS_HOME>/repository/conf/identity/identity-mgt.properties file. As mentioned in the above table, the value refers to the number of minutes that the account is locked for, after which, authentication can be attempted again.
If the lock time is set to 0, the account has to be unlocked by an admin user. For more information about on this, see Account locking for a particular usersee Locking a Specific User Account.