Account Lockout/Properties/Actions in Decisions

charlesjohnson
charlesjohnson
in Settings

I am currently configuring Account Lockout within Decisions. I have a couple questions pertaining to how Account Lockout works with Decisions. I am wondering: 


How does one unlock an account that has been locked out? 

 

How can a Decisions Administrator tell if an account is locked out? 

 

How long is an account locked out by default? Is the lockout period configurable? 

 

Do lockouts apply to SAML accounts or just local account types? 

 

If I wanted to manage locked out users through a created Dashboard, how could I do so? 


In addition, I was also looking to get some more clarity on the following:


What’s the difference between deactivating an account and deleting it? Does deleting an account delete the account from the DB or just set the Delete flag for the account?


What does it mean when an account is confirmed? What happens if an account is unconfirmed?

Comments

  • Cody_Decisions
    Cody_Decisions

    Hey there, 

     

    I would be glad to help you understand more about the Account Lockout option within Decisions. For your questions of: 

     

    How does one unlock an account that has been locked out? 

     

    If an account was locked out due to too many attempts, an admin user can "unlock" the account by navigating to the Account in System > Security > Accounts and right-clicking the respective account. The action "Reset Number of Attempts" should appear which would allow the user to login to the Portal again, effectively "unlocking" the account. This option will ONLY appear if the account has been locked out.

     

    image.png


    How can a Decisions Administrator tell if an account is locked out? 

     

    If the "Reset Number of Attempts" action is available for the respective account, the account is locked out. An additional method you can use to check if a user is locked out is by having a Report Source the "Account Data Source" and have the "Email Address" and the "Number of Attempts" field selected. By comparing an Account's "Number of Attempts" with the set "Number of Attempts" in the Portal Settings, you could determine if an Account has been locked out. 

     

    The set Portal Setting:

    image.png


    The Report:

    image.png


    How long is an account locked out by default? Is the lockout period configurable? 

     

    When an account becomes locked out, the user will be locked out indefinitely until an administrator unlocks it. Currently, the lockout period is not configurable. 

     

    Do lockouts apply to SAML accounts or just local account types? 

     

    Lockouts do not affect SAML accounts and as it stands only affect local accounts. 

     

    In addition, if I wanted to manage locked out users through a created Dashboard, how could I do so? 

     

    You can configure a Report (which can then be placed onto a Dashboard) to check if a user is locked out by having a Report Source the "Account Data Source" and have the "Email Address" and the "Number of Attempts" fields selected. The Dashboard user could then compare the current Account's "Number of Attempts" with the set "Number of Attempts" in the Portal Settings to see if they would be locked out. 

      

    They can then have the option to "unlock" the account by using the "Reset Number of Attempts" action by Overriding the Action Context. This action will only be available to users if they are locked out and not to users who aren't. Attached below is the respective configuration for the Report. 

     

    The Report's property configuration:

    image.png


    The Report Action on the Dashboard:

    image.png


     What’s the difference between deactivating an account and deleting it? Does deleting an account delete the account from the DB or just set the Delete flag for the account?


    The main difference between deactivating and deleting an account is the account's data persistence within Decisions. If an account is deactivated, you can still access the deactivated account's data (such as their email) for further use in Flows/Reports etc. You can also re-activate any de-activated account.

     

    More on Deactivating/Activating User Accounts: https://documentation.decisions.com/docs/deactivating-a-user-account

     

    If an account is deleted, it will remove the account from the Decisions UI (the Accounts Page) and will not show the account when using the "Account Data Source" in a Report. The account will not be deleted from the database and only the "deleted" flag will be set.


    What does it mean when an account is confirmed? What happens if an account is unconfirmed?

     

    The Is Confirmed setting on an account marks the account as a "valid and authenticated" account. If an account is unconfirmed, the account will not be able to login to the Portal.

     

    More on the "Is Confirmed" setting: https://documentation.decisions.com/docs/adding-a-user-account?highlight=Is%20Confirmed

     


    I hope this helps! 

     

    -Cody 

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories