As the site administrator, you can determine the number of login attempts a user can make before being deactivated. By default, no limit is set. In addition, you can set a parameter that resets the count of failed logins if a specified amount of time passes after an attempted login.
You can set a time interval after which a deactivated user is reactivated automatically, or you can reactivate locked out users.
To lock out users:
Set the MAX_INVALID_LOGINS_ATTEMPT_TO_LOCKOUT Site Configuration parameter.
If the user unsuccessfully tries to log in more times than the number you assign, the user is locked out.
You can also set the INTERVAL_BETWEEN_INVALID_LOGINS_TO_LOCKOUT Site Configuration parameter.
The default value for this Site Configuration parameter is 60 seconds. If the user waits longer than this amount of time between login attempts, the count of invalid login attempts resets to zero.
When a user is locked out, the user's status is set to Inactive. Activate the user, and the user can attempt to log in again. For details, see Deactivating and Activating Users.
To automatically allow users to attempt to log in again, set the INTERVAL_TO_AUTO_RELEASE_LOCKOUT Site Configuration parameter. Once the user waits the amount of time specified in this parameter, the user is activated and can attempt to log in again.
For details on the Site Configuration parameters, see Setting ALM Configuration Parameters.