How to configure Account Lockout Policy

The Account Lockout Policy lets you define the maximum number of failed login attempts a user can make before access is blocked for a predefined period. During this period, the user can’t attempt to log in again, preventing unauthorized access.

This guide walks you through configuring the Account Lockout Policy.

Go to Account Lockout Policy reference

Configuring an account lockout policy

  1. Run the following GET request in your terminal to obtain the current status of the Account Lockout Policy in your account.
    • By default, it’s inactive.

    curl --request GET \
      --url https://api.azion.com/v4/auth/policies/lockout \
      --header 'Accept: application/json' \
      --header 'Authorization: 123'

  2. You’ll receive a response similar to this:

    {
      "data": {
        "active": false,
        "max_attempts": 1,
        "blocking_period": 0
      }
    }

  3. Run the following PUT request in your terminal to update the status of the Account Lockout Policy in your account.

    curl --request PUT \
      --url https://api.azion.com/v4/auth/policies/lockout \
      --header 'Accept: application/json' \
      --header 'Authorization: 123' \
      --header 'Content-Type: application/json' \
      --data '{
        "active": true,
        "max_attempts": 1,
        "blocking_period": 0
      }'

Where:

| Key | Type | Description |
|---|---|---|
| active | Boolean | Defines the status of the policy. Accepted values: true and false. Default value: false |
| max_attempts | Integer | Defines the maximum number of failed attempts before lockout. Default value: 3 |
| blocking_period | Integer | Defines the time a user account remains locked after reaching the maximum number of failed login attempts. During this period, the user can’t attempt to log in again, preventing unauthorized access. Default value: 1440, equivalent to 24 hours in minutes |

  4. You’ll receive a response similar to this:

    {
      "state": "executed",
      "data": {
        "active": true,
        "max_attempts": 1,
        "blocking_period": 0
      }
    }

Done. The Account Lockout Policy is now active in your account. Users who exceed the maximum allowed number of failed login attempts are now blocked for the defined period.
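To check the result of the GET request against a target policy before sending the PUT, the comparison can be scripted. This is an added example, not Azion's code: the names `check_types` and `plan_update` are hypothetical, the baseline is assumed to be the default values from the table above, and fewer attempts or a longer blocking period are treated as stricter.

```python
import json

# Assumed target policy: the default values documented in the table above.
BASELINE = {"active": True, "max_attempts": 3, "blocking_period": 1440}
FIELD_TYPES = {"active": bool, "max_attempts": int, "blocking_period": int}

def check_types(policy):
    """Return type errors for a policy dict, per the Key/Type table."""
    errors = []
    for key, expected in FIELD_TYPES.items():
        value = policy.get(key)
        # bool is a subclass of int in Python, so reject true/false in Integer fields.
        ok = isinstance(value, expected) and (expected is bool or not isinstance(value, bool))
        if not ok:
            errors.append(f"{key}: expected {expected.__name__}, got {value!r}")
    return errors

def plan_update(get_body, baseline=BASELINE):
    """Compare a GET response body with the baseline.

    Returns (findings, put_body); put_body is None when nothing needs changing.
    """
    policy = json.loads(get_body).get("data", {})
    findings = check_types(policy)
    if findings:
        # Malformed or incomplete policy: fall back to the full baseline.
        return findings, json.dumps(baseline)
    if not policy["active"]:
        findings.append("policy is inactive")
    if policy["max_attempts"] > baseline["max_attempts"]:
        findings.append("max_attempts allows more failures than baseline")
    if policy["blocking_period"] < baseline["blocking_period"]:
        findings.append("blocking_period is shorter than baseline")
    if not findings:
        return findings, None
    # Keep any value that is already stricter than the baseline.
    body = {
        "active": True,
        "max_attempts": min(policy["max_attempts"], baseline["max_attempts"]),
        "blocking_period": max(policy["blocking_period"], baseline["blocking_period"]),
    }
    return findings, json.dumps(body)

# Constructed sample: the GET response shape shown in step 2.
SAMPLE_GET = '{"data": {"active": false, "max_attempts": 1, "blocking_period": 0}}'

if __name__ == "__main__":
    findings, body = plan_update(SAMPLE_GET)
    print("findings:", findings)
    print("PUT body:", body)
```

The returned string can be passed as the `--data` value of the PUT request in step 3.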

