Keeping people safe is at the heart of SafetyCulture’s purpose, so we want to ensure that your data is safe and secure. As part of this goal, we have made it possible to set up account lockouts in your organization to protect your team’s iAuditor accounts. This article shows you how you can set up the failed login attempt lockout setting in your organization, and outlines answers to some of the frequently asked questions for this feature.
Set up failed login attempt lockout
You must be an administrator to configure the failed login attempt lockout setting.
- Log in to the iAuditor web app.
- Click your organization/team name on the lower-left corner of the page.
- Select “Settings” from the tab on the top of the page.
- Scroll to the bottom of the page to find the “Team log in” pane.
- Click “Edit” on the upper-right corner of the pane.
- Select the checkbox for “Enable failed attempt login”.
- Configure the fields accordingly:
  - Number of attempts: Set the number of login attempts to accept before locking out the account.
  - Lockout duration (minutes): Set the duration the account will be locked once the number of attempts is reached.
  - Restart lockout duration on subsequent attempts: Enable if you would like subsequent login attempts to restart the lockout duration, regardless of their success. For example, if an account is locked out for 30 minutes and the user fails to log in again after only 10 minutes, the lockout duration of 30 minutes will restart.
- Click “Save changes” to complete the failed login attempt lockout setting.
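The three settings can be modelled as a small per-account state machine, which makes the effect of the restart option easy to see before you choose values. This is an added illustration, not SafetyCulture's implementation; the class and function names are hypothetical. It assumes the Nth consecutive failure triggers the lockout, a successful login clears the failure count, and the count starts again after a lockout.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    max_attempts: int          # "Number of attempts"
    lockout_minutes: int       # "Lockout duration (minutes)"
    restart_on_attempt: bool   # "Restart lockout duration on subsequent attempts"

class Account:
    """Per-account state; the lockout follows the account, not the device."""
    def __init__(self, policy):
        self.policy = policy
        self.failures = 0
        self.locked_until = None  # minute at which the lockout lapses

    def attempt(self, now, password_ok):
        """Process one non-SSO login attempt at minute `now`; return the outcome."""
        if self.locked_until is not None and now < self.locked_until:
            # Locked: rejected even with the right password. With the restart
            # option on, the attempt also pushes the unlock time out again.
            if self.policy.restart_on_attempt:
                self.locked_until = now + self.policy.lockout_minutes
            return "locked"
        self.locked_until = None
        if password_ok:
            self.failures = 0      # assumption: success clears the counter
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.max_attempts:
            self.failures = 0      # assumption: counter restarts after a lockout
            self.locked_until = now + self.policy.lockout_minutes
            return "locked"
        return "failed"

def unlock_minute(restart, events, attempts=3, minutes=30):
    """Replay (minute, password_ok) events; return when the lockout lapses."""
    acct = Account(LockoutPolicy(attempts, minutes, restart))
    for now, ok in events:
        acct.attempt(now, ok)
    return acct.locked_until

# Constructed timeline: three failures at minute 0 trigger the lockout, then
# the user retries with the correct password at minute 10.
EVENTS = [(0, False), (0, False), (0, False), (10, True)]

if __name__ == "__main__":
    print("restart off:", unlock_minute(False, EVENTS))  # 30
    print("restart on: ", unlock_minute(True, EVENTS))   # 40
```

With the restart option enabled, the retry at minute 10 moves the unlock time from minute 30 to minute 40, matching the 30-minute example in the setting description.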
How does account lockout work with Single Sign-On?
The account lockout feature can only be enabled if “allow both SSO and non-SSO log in” is selected. However, the feature will only work for non-SSO login attempts, meaning if a user fails to log in via SSO, the account lockout will not be triggered. Learn more about iAuditor Single Sign-On and how you can request it for your organization.
Does the feature apply to all platforms once a user is locked out?
Yes. The feature is associated with accounts, meaning if a lockout is triggered, it would be applied to an account on all platforms.
Can the account lockout be bypassed in any way for a single account?
No. The only way to allow a single account to log in once their account is locked is to either wait for the lockout duration to lapse, or to disable the feature for the entire organization.