Detect invalid login attempts and lock user in a rule

I have a requirement from a customer to block or force a password change after 5 invalid login attempts. Brute force is not configurable. How can I do this in a rule or other way?

Hey there @jstevenson! You can setup a rule that forces the end user to change their password after X amount of failed attempts. It’s also important to note that after 10 failed attempts from the same IP address Brute Force protection kicks in as described here. Please let me know if this helps answer your questions. Thanks!

I wanted to follow up @jstevenson and see if you had any further questions on the subject. Thanks!

How do I know when an invalid login attempt happens and how do I know when those failed logins reach a limit?

1 Like

I was able to confirm with support @jstevenson that Anomaly Detection should notify all tenant admins in the event of those failed logins reached.

I have a question regarding the same requirement and a rule I am building to implement it.
Is there a way to access the count used by the built-in trigger mentioned in this link?

Or does the count of failed logins need to be generated dynamically by querying the logs?


1 Like

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?