Skip Navigation

Prevent users from being locked out of their accounts

You can configure 
BlackBerry Enterprise Identity
 to prevent users, such as 
Active Directory
 users, from being locked out of their account because of too many failed 
BlackBerry Enterprise Identity
 sign-in attempts. This feature is disabled by default.
If you set the 
BlackBerry Enterprise Identity
 lock out threshold lower (for example, one less) than the
Active Directory
 lockout threshold, your organization's users will be locked out of 
BlackBerry Enterprise Identity
 before being locked out of 
Active Directory
.
  1. In the 
    BlackBerry UEM
     management console, on the menu bar, click 
    Apps
    .
  2.  Click 
    Add an app
    .
  3. Click 
    Enterprise Identity
    . A message appears asking you to synchronize 
    Enterprise Identity
     services.
  4. Click 
    Open Enterprise Identity console
    . The administrator console opens in a new browser tab. If the console does not open, ensure that you have enabled pop-ups in your browser.
  5. Click 
    Enterprise
    .
  6. In the 
    Account Lockout Settings
     section, turn on 
    Enable Account Lockout
    .
  7. Set the following options:
    • Login attempt threshold
      : Sets the number of failed attempts before the account is temporarily locked out.
    • Login duration (minutes
      ): Sets the number of minutes that an account will be locked out for. When this timer has been exceeded, the account should be unlocked for the next sign in attempt.
    • Reset duration (minutes)
      : Sets the number of minutes that must elapse after a failed log in attempt before the failed log in attempt counter is reset to 0. 
  8. Click 
    Save