Account Lockout Thresholds
You can prevent brute-force account attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked.
In the Settings tab of the Admin page, you can set your account lockout thresholds for your users. Account lockout thresholds determine after how many failed login attempts a user is locked out of Sisense and for how long. A locked account can't be used until you unlock it or until the number of minutes specified by the Account lockout duration policy setting expires.
Setting Account Lockout Thresholds
To set your account lockout thresholds:
- In the Admin page, click Security Settings.
- By default, Account Lockout is enabled. If it isn't, toggle the Account Lockout switch to turn on account lockout thresholds.
- In Number of failed login attempts before lockout, enter how many attempts a user may fail before they are locked out.
- In Lockout duration (minutes), enter the amount of time, in minutes, that a user is locked out for after exceeding the amount of failed login attempts.
You can also manage these settings with the REST API. See the section below, Managing Account Lockout Settings via the REST API, for more information. - Click Save.
Unlocking Accounts
To unlock a locked user account:
- In the Admin page, click Users.
- For the relevant locked user, click . The user’s account settings are displayed.
- Click Account Locked to unlock the user.
- Click Save. The user can now log in.
Managing Account Lockout Settings via the REST API
You can manage your Account Lockout thresholds through the REST API. Sisense provides two endpoints:
GET /settings/login_lockout
PATCH /settings/login_lockout
The GET endpoint returns your current threshold settings while PATCH enables you to update these settings.
The table below describes the parameters you can return and update through the login_lockout endpoints.
Parameter | Type | Description |
---|---|---|
enabled |
boolean |
Determines if the Account Login threshold is active. The default value is true. |
maxFailedAttempts |
number |
How many failed login attempts must occur before a user is locked out. |
failedAttemptsPeriod |
number |
The period of time, in minutes, where if the user exceeds the amount of failed login attempts, they are locked out. |
lockoutPeriod |
number |
The amount of time in minutes that a user is locked out for after exceeding the allowed amount of login attempts. |
To access the login_lockout endpoints:
- In Sisense, click Admin, and then Rest API.
- In version 1.0 of the REST API, the login_lockout endpoints are located under /Settings.
.r.