SmartLock management
Pointsharp ID Admin GUI > Authentication > User configuration
Manage the SmartLock feature used by the authentication methods. Open the Pointsharp ID Admin GUI and click the Authentication tab to show the settings for User Lock Limit, Time Lock Limit and Time Lock.
SmartLock protects a directory account from brute-force attacks.
There are three values to configure:

It is recommended to configure the Pointsharp ID Server with a lower Lock Limit than its directory counterpart, since this protects the directory account from being locked by brute-force attempts or user mistakes.

| Parameter | Description |
|---|---|
| User lock limit | The number of consecutive failed logins that a user is permitted before the user is locked in PSID. If the user is locked, the user is not allowed to authenticate again. Administrators can unlock the user in the Pointsharp ID Admin GUI or in the Admin Portal. Locked users can unlock themselves in the User Portal. Set to 0 to allow any number. |
| Time lock limit | The number of consecutive failed logins that a user is permitted before the user is time-locked. The user is not allowed to perform any authentication during the time-locked interval. Set to 0 to allow any number. |
| Time lock interval | The number of minutes a user is time-locked. The user is not allowed to perform any authentication during the time-locked interval. The time lock locks the user temporarily, after which the user is automatically unlocked. |

After Time Lock has passed, and a successful login is made, the counters are reset.
In the Pointsharp ID Admin GUI and the Admin Portal a user will be seen as Time Locked until a new successful attempt has been made, even when the Time Lock has been released. This is because the account value will not be refreshed until next login. Please be aware of this when testing and troubleshooting.
User lock limit: 9
Time lock limit: 3
Time lock interval: 20
The values in this example would give the user 3 attempts to enter the password, and then they will be locked for 20 minutes. After that, they will get another 3 attempts and then another time lock for 20 minutes. This will continue until they have reached a total of 9 attempts when they will be locked completely.
Using the time lock ensures that the user is not locked completely right away, and it makes brute-force attacks much harder, since guessing becomes very slow when the user is repeatedly time-locked for 20 minutes.
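
The example values above can be checked with a small model of the counters. This is an added illustration, not Pointsharp code: the class and function names are hypothetical, and it assumes that attempts rejected during a time lock are not counted and that every evaluated failed login also counts as one failure in the directory.

```python
from dataclasses import dataclass

@dataclass
class SmartLockModel:
    """Toy model of the counters described above (not Pointsharp code)."""
    user_lock_limit: int = 9      # 0 = any number of failures allowed
    time_lock_limit: int = 3      # 0 = any number of failures allowed
    time_lock_interval: int = 20  # minutes
    failures: int = 0             # consecutive failed logins
    locked: bool = False
    time_locked_until: int = 0    # minute at which the time lock ends

    def attempt(self, now: int, password_ok: bool) -> str:
        """Process a login at minute `now` and return the outcome."""
        if self.locked:
            return "locked"
        if now < self.time_locked_until:
            return "time-locked"  # assumption: rejected without counting
        if password_ok:
            self.failures = 0     # a successful login resets the counters
            return "ok"
        self.failures += 1
        if self.user_lock_limit and self.failures >= self.user_lock_limit:
            self.locked = True
            return "locked"
        if self.time_lock_limit and self.failures % self.time_lock_limit == 0:
            self.time_locked_until = now + self.time_lock_interval
            return "time-locked"
        return "failed"


def simulate_failures(model, directory_lock_limit, max_guesses=1000):
    """Submit wrong passwords as fast as the time lock allows.

    Returns (failed logins evaluated, minutes elapsed, directory_locked).
    Assumption: each evaluated failure also counts once in the directory.
    """
    now = guesses = 0
    while not model.locked and guesses < max_guesses:
        now = max(now, model.time_locked_until)  # wait out any time lock
        model.attempt(now, password_ok=False)
        guesses += 1
    return guesses, now, guesses >= directory_lock_limit


if __name__ == "__main__":
    print(simulate_failures(SmartLockModel(), directory_lock_limit=10))  # PSID locks first
    print(simulate_failures(SmartLockModel(), directory_lock_limit=5))   # directory locks first
    print(simulate_failures(SmartLockModel(user_lock_limit=0), 10, max_guesses=216))
```

With a directory lock limit of 10 (a constructed value), PSID locks the user after 9 failures and the directory account stays usable; with a directory limit of 5, the directory account is locked first, which is the situation the recommendation above avoids.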
Admin locking notifications
Enable this feature when the administrator, or another designated recipient, should receive a notification message when a Pointsharp user has been locked (or time-locked) in the Pointsharp ID authentication service.

Beware that if the time-lock interval expires and the user fails authentication repeatedly, this may result in repeated notification messages.

| Parameter | Description |
|---|---|
| Enabled | Turn on or off the notification when a user is locked. |
| Notification Method | Set this to the notification method to use when a user is locked. |
| Admin Address | Set the address to notify about the user that was locked. |
| Text | Enter the text message to be sent to the administrator about the user that was locked. The |

User locking notifications
Enable this feature when the user should receive a notification message when a Pointsharp user has been locked in the Pointsharp ID authentication service.

Beware that if the time-lock interval expires and the user fails authentication repeatedly, this may result in repeated notification messages.

| Parameter | Description |
|---|---|
| Enabled | Turn on or off the notification when a user is locked. |
| Notification Method | Set this to the notification method to use when a user is locked. |
| User Attribute | Set the attribute to use when notifying the user that the user is locked. By default, this is set to mail. |
| Subject | Set the subject (if applicable) to be sent to the user. |
| Text | Enter the text message to be sent to the user when the user is locked. |

Time lock or locked status does not show correctly
If a user has been locked or time-locked and is then unlocked by an administrator, the user's status will still be displayed as locked, or time-locked, in the PSID Admin GUI or the Admin Portal. This status will remain until a new successful login has been made. The user's status is changed in Pointsharp after the new successful login.

- Perform a successful login.
- Verify that the status is updated and correct.
- If the status remains locked, create a ticket in the Support portal for additional troubleshooting.