Skip Navigation

Prevent users from being locked out of their accounts

You can configure
BlackBerry Enterprise Identity
to prevent users, such as
Active Directory
users, from being locked out of their account because of too many failed
BlackBerry Enterprise Identity
sign-in attempts. This feature is disabled by default.
If you set the
BlackBerry Enterprise Identity
lock out threshold lower (for example, one less) than the
Active Directory
lockout threshold, your organization's users will be locked out of
BlackBerry Enterprise Identity
before being locked out of
Active Directory
.
  1. In the
    BlackBerry UEM
    management console, on the menu bar, click
    Apps
    .
  2. Click
    Add an app
    .
  3. Click
    Enterprise Identity
    .
  4. Click
    Open Enterprise Identity console
    . The administrator console opens in a new browser tab. If the console does not open, ensure that you have enabled pop-ups in your browser.
  5. On the
    Settings
    page, click
    Lockout
    .
  6. Turn on
    Enable account lockout
    .
  7. Set the following options:
    • Login attempt threshold
      : Sets the number of failed attempts before the account is temporarily locked out.
    • Login duration (minutes
      ): Sets the number of minutes that an account will be locked out for. When this timer has been exceeded, the account should be unlocked for the next sign in attempt.
    • Reset duration (minutes)
      : Sets the number of minutes that must elapse after a failed log in attempt before the failed log in attempt counter is reset to 0.
  8. Click
    Save
    .