Account Lockout Thresholds

You can prevent brute-force account attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked.

In the Settings tab of the Admin page, you can set your account lockout thresholds for your users. Account lockout thresholds determine after how many failed login attempts a user is locked out of Sisense and for how long. A locked account cannot be used until you unlock it or until the number of minutes specified by the Account lockout duration policy setting expires.

Setting Account Lockout Thresholds

To set your account lockout thresholds:

  1. In the Admin page, search for and select Settings, which is located under Security & Access, and scroll to the Account Lockout section.
  2. By default, Account Lockout is enabled. If it is not, toggle the Account Lockout switch to turn on account lockout thresholds.
  3. In Number of failed login attempts before lockout, enter how many attempts a user may fail before they are locked out.
  4. In Lockout duration (minutes), enter the amount of time, in minutes, that a user is locked out for after exceeding the number of failed login attempts.
    You can also manage these settings with the REST API. See Managing Account Lockout Settings via the REST API for more information.
  5. Click Save.

Unlocking Accounts

To unlock a locked user account:

  1. In the Admin page, search for and select Users, which is under the User Management section.
  2. For the relevant locked user, click . The user's account settings are displayed.
  3. Click Account Locked to unlock the user.
  4. Click Save. The user can now log in.

Managing Account Lockout Settings via the REST API

You can manage your Account Lockout thresholds through the REST API. Sisense provides two endpoints:

GET /settings/login_lockout
PATCH /settings/login_lockout

The GET endpoint returns your current threshold settings while PATCH enables you to update these settings.

The table below describes the parameters you can return and update through the login_lockout endpoints.

Parameter | Type | Description
enabled | Boolean | Determines if the Account Login threshold is active. The default value is true.
maxFailedAttempts | number | How many failed login attempts must occur before a user is locked out.
failedAttemptsPeriod | number | The period of time, in minutes, within which a user who exceeds the number of failed login attempts is locked out.
lockoutPeriod | number | The amount of time, in minutes, that a user is locked out for after exceeding the allowed number of login attempts.

To access the login_lockout endpoints:

  1. In Sisense, click Admin, and then Rest API.
  2. In version 1.0 of the REST API, the login_lockout endpoints are located under /Settings.
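
The following Python sketch is an added example, not Sisense code: it audits a GET /settings/login_lockout response against a baseline and builds, without sending, the PATCH request that corrects any weaker settings. The baseline values, the host name, the /api/v1 prefix, bearer-token authentication and partial-body PATCH are assumptions. The sample response is constructed.

```python
import json
import urllib.request

# Parameter names and types come from the table above. The baseline values
# are an assumed organizational policy, not Sisense defaults.
FIELDS = {"enabled": bool, "maxFailedAttempts": int,
          "failedAttemptsPeriod": int, "lockoutPeriod": int}
BASELINE = {"enabled": True, "maxFailedAttempts": 5,
            "failedAttemptsPeriod": 15, "lockoutPeriod": 15}


def audit(current, baseline=BASELINE):
    """Return {parameter: corrected value} for every setting weaker than baseline."""
    fixes = {}
    for name, expected in FIELDS.items():
        value = current.get(name)
        if type(value) is not expected:        # missing or wrong type (bool is not int)
            fixes[name] = baseline[name]
        elif name == "enabled":
            if baseline[name] and not value:   # lockout switched off
                fixes[name] = True
        elif name == "maxFailedAttempts":
            if value > baseline[name]:         # more guesses allowed per window
                fixes[name] = baseline[name]
        elif value < baseline[name]:           # shorter counting window or lockout
            fixes[name] = baseline[name]
    return fixes


def build_patch(base_url, token, fixes):
    """Build (but do not send) the PATCH request that applies `fixes`."""
    # Assumptions: the /api/v1 prefix, bearer-token auth, and that PATCH
    # accepts a partial body containing only the changed parameters.
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/settings/login_lockout",
        data=json.dumps(fixes).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


# Constructed sample of a GET /settings/login_lockout response body.
SAMPLE = json.loads('{"enabled": true, "maxFailedAttempts": 20,'
                    ' "failedAttemptsPeriod": 30, "lockoutPeriod": 1}')

if __name__ == "__main__":
    fixes = audit(SAMPLE)
    req = build_patch("https://sisense.example.com", "<API_TOKEN>", fixes)
    print(req.get_method(), req.full_url, req.data.decode())
    # Send with urllib.request.urlopen(req) once the change has been reviewed.
```

An empty result from audit means the current settings already meet the baseline and no PATCH is needed.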