We are trying to figure out how the accounts are locked for invalid logins utilizing ADFS and a User Store pointing to Active Directory. We can see that if we use Miniorange as an IDP it handles the account locking. For the userstore or ADFS the accounts do not lock, so we have an issue.
1.) The userstore – How do we handle account locks – Do we need to pass a parameter to LDAP to lock the account?
2.) ADFS – Do we have Active Directory lock the account?
If we use a Read-Only we couldn’t do it and I don’t see any setting within Miniorange to allow account locking with ADFS or an LDAP userstore. We did import the users into MO and activated several users, but we can enter an invalid password 100 times and the account does not lock.
Any help or suggestions would be greatly appreciated.
Our team is currently working on a couple of projects and we are testing different ways to protect user directories, such as Active Directory and LDAP. The most reliable, we believe, is the dspa, which protects the system at all available levels. Working with databases is much easier and more reliable, and the settings are tailored to any situation. The 2FA plugin supports a variety of platforms, including Azure Active Directory, and maintaining it requires no extra effort – everything is extremely simple and there were no such problems.