Advanced Tab

You use the Advanced tab to specify the number of consecutive erroneous login attempts permitted by a user, enable logging in the System Log when a user fails to log in to the system, and configure user authentication by selecting the relevant authentication method.

image-20240725-031839.png
Access Controller - Advanced tab screen

 

Options

Description

Options

Description

Login

Number of Consecutive Erroneous Login Attempts

To configure the maximum number of consecutive failed login attempts, open the Advanced tab, and set a value in Number Of Consecutive Erroneous Login Attempts.

The default is 3. 

This feature is only enabled when Enhanced User Security is activated. When the maximum number of failed login attempts is reached, the user account is locked. For more information, refer to Enhanced User Security.

When a user account is locked, the password settings for the user account must be updated in the Users tab, unless Enable Automatic Unlocking Of Users is selected.

Enable Logging for User Login

To configure the system to log failed attempts in the System Log, open the Advanced tab, and select the check box Enable Logging For User Login. Successful logins and locked accounts are always logged regardless of this setting.

Enable Automatic Unlocking Of Users

This checkbox is available when enhanced user security is enabled. For more information, refer to Enhanced User Security

Select this check box to automatically unlock accounts disabled due to failed login attempts. Accounts that have been manually disabled from the Users tab are not affected by this setting.

Time Before Automatic Unlocking (Minutes)

This field is enabled when the checkbox for Enable Automatic Unlocking Of Users is checked.

Enter the time that should pass before a locked account is automatically unlocked by the system.

The minimum value is 1 minute.

Authentication

Reauthenticate Users after Inactivity

To configure the system to reauthenticate users after a period of inactivity in the Desktop or mzsh shell (interactive mode), open the Advanced tab, and select the check box Reauthenticate Users After Inactivity.

Time Before Reauthentication (Minutes)

This field is enabled when the checkbox for Reauthenticate Users After Inactivity is checked.  

Set the maximum inactive time here.

On the Desktop, the duration of time that the user does not perform any actions is counted as inactive time, regardless of ongoing processes. However, users are not logged out due to inactivity but must authenticate again to continue the session.

In the mzsh shell, the duration of time that the user does not press any key is counted as inactive time, provided that there is no ongoing command execution. Users are logged out due to inactivity and are prompted to enter the password again.

Authentication Method

There are two selections available in this dropdown list: Default, and LDAP.

User authentication is by default performed on the desktop. Alternatively, you can connect the Platform to an external LDAP directory for delegated authentication. This facilitates automation of administrative tasks such as the creation of users and assigning access groups as mentioned in LDAP Authentication

By selecting LDAP, more fields for LDAP settings will be displayed.

Access Controller - Advanced tab - LDAP settings screen