Unlocking Users Locked by CloudBlue Commerce Brute-Force Attack Protection
To protect against brute-force attacks, CloudBlue Commerce temporarily locks a user account (staff member or service user) after several sequential failed login attempts.
After a user is locked, a corresponding screen is displayed at the next login attempt.
The length of the lock-out period is configured by your provider. If necessary, you can unlock a user before the end of the lock-out period.
You can access a list of locked users (users temporarily restricted from accessing the control panel after several sequential failed login attempts) on the Account Settings > More Tools > Locked Users screen.
The list shows the following information:
- User Name - email of the locked user.
- IP address - IP address from which the login attempts were made.
- Locked at - timestamp at which the user was locked.
- Unlock on - timestamp at which the user will be unlocked.
Important: If the IP address field reads "Unknown" and the Unlock on field reads "According Active Directory Settings", the user was locked during login attempts made directly to an online service, for example OWA. In this case, the lockout policies set by your provider are applied to the user.
Generally, a locked user is unlocked automatically after the lock-out period set by the provider is over. Sometimes, it may be necessary to manually unlock a user before the lock-out period ends - for example, upon request from a locked customer.
To manually unlock a user, perform these steps:
- On the Account tab, go to Account Settings > More Tools > Locked Users.
- Select the name of the user you wish to unlock and click on the Unlock button.
After the user is unlocked, the user's record disappears from the list.