Question
Pegasystems Inc.
US
Last activity: 22 Aug 2016 9:51 EDT
Need Account lockout in 7.1.8
Hi, our client is looking for the Account Lockout feature in Security Policies. See attached doc.
https://pdn.pega.com/how-configure-login-security-and-password-policies-0
From the PDN article, it is available in Pega7.1.x but we do not see it in our Design Studio. We have 7.1.8.
My understanding is that this might be available in 7.2.1 and can be made available for 7.1.8 via an HFix (or an enhancement package).
Could you let us know how we can deliver this feature to our client?
Thanks,
Will
Accepted Solution
Pegasystems Inc.
US
Hi Will,
HFIX-25414 has been provided for Pega 7.1.9 version and you also need HFix-28681 to get rid of one repercussion and I've worked on SR-A87992 for the same customer.
-Harish
Pegasystems Inc.
US
Hi Will,
We recommend that you upgrade to Pega 7.2.1 or Pega 7.2.2 (after GA) to get this feature. I remember working on a similar hotfix requirement, and I can say there are significant rule changes and class changes to have this feature working as expected without any repercussions.
Hence, I believe getting this feature as a hotfix in older versions isn't recommended.
- Harish
Pegasystems Inc.
US
Hi Harish, thanks for your comment.
We just upgraded to Pega7.1.8 recently, and our client won't do another upgrade for a long time, as an upgrade requires significant planning and budget.
https://pdn.pega.com/how-configure-login-security-and-password-policies-0
Even though HFix may not be recommended, an upgrade is not an option at this time.
Do you have an SR reference for the similar requirement you worked on before?
I would appreciate it if you could advise how we can move forward.
Pegasystems Inc.
US
Hello Will,
I have seen this working in 7.1.8
Which specific lockout penalty are you looking at?
Pegasystems Inc.
US
Hey Amit, our client is looking for the Account lockout feature. It is available in Pega7.1.x but we don't see it in our 7.1.8. See attached. Thanks if you can offer any insight.
https://pdn.pega.com/how-configure-login-security-and-password-policies-0
Account lockout
You can enforce account lockouts after repeated failed attempts by an operator to thwart brute-force attacks. When an account is locked, the Pega 7 Platform does not allow any further login attempts until the account is unlocked. The account can be unlocked manually or automatically based on your preferences.
Activating account lockout policy
To configure your account lockout policy, do the following steps:
- Set the Enable authentication lockout penalty policy to Disabled status. This step is required because you cannot enforce account lockout and lockout penalty policies at the same time.
- Set the Failed login attempts before password lockout policy to the maximum number of allowed login attempts. When the number of failed attempts exceeds the number set in this policy, the account is locked.
- Set the Password lockout duration policy to the time period (in minutes) for which you want the account to remain locked:
  - Set the policy to a non-zero value if you want the account to be unlocked automatically after the specified time is over.
  - Set the policy to zero value if you want the account to be unlocked manually.
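
The lockout semantics quoted above, modeled as an added example (not Pega's code and not part of the original thread). The class names, the clock expressed in minutes, and the counter reset on a successful login are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class LockoutPolicy:
    max_failed_attempts: int        # "Failed login attempts before password lockout"
    lockout_minutes: int            # "Password lockout duration"; 0 means manual unlock
    penalty_enabled: bool = False   # "Enable authentication lockout penalty"

    def __post_init__(self):
        # The two policies cannot be enforced at the same time.
        if self.penalty_enabled:
            raise ValueError("disable the lockout penalty policy first")
        if self.max_failed_attempts < 1 or self.lockout_minutes < 0:
            raise ValueError("invalid policy values")

@dataclass
class Account:
    failed: int = 0
    locked_at: Optional[float] = None   # minute at which the lock was applied

class LockoutTracker:
    """Hypothetical model of the documented behaviour, keyed by operator ID."""
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: Dict[str, Account] = {}

    def unlock(self, user: str) -> None:
        # Manual unlock by an administrator, or automatic unlock on expiry.
        self.accounts.pop(user, None)

    def is_locked(self, user: str, now: float) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct.locked_at is None:
            return False
        duration = self.policy.lockout_minutes
        if duration > 0 and now - acct.locked_at >= duration:
            self.unlock(user)           # non-zero duration: automatic unlock
            return False
        return True                     # zero duration: stays locked until unlock()

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        if self.is_locked(user, now):
            return "locked"             # rejected even if the password is correct
        acct = self.accounts.setdefault(user, Account())
        if password_ok:
            acct.failed = 0             # assumption: success clears the counter
            return "ok"
        acct.failed += 1
        if acct.failed > self.policy.max_failed_attempts:   # "exceeds", not "reaches"
            acct.locked_at = now
            return "locked"
        return "failed"
```
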
Pegasystems Inc.
JP
I remember the feature was provided as HFIX-25414 for v7.1.9.
See mesh post below
https://mesh.pega.com/message/224202#224202