Too many failed attempts to log in to a user account could be a security risk. Administrators can decide when Blackboard Learn locks user accounts to protect them from unauthorized access. In the Administrator Panel, in the Security section, select Account Lock Settings.
Select Account Lock Settings
The following table describes the available fields. [r] indicates a required field.
FIELD | DESCRIPTION |
---|---|
Enable Account Locking | |
Lock accounts after failed logins | Select the radio button to Enable or Disable account lockout. By default, lockout is enabled. |
Account Lock Settings | |
Maximum Login Attempts [r] | Provide the maximum number of incorrect login attempts a user is allowed before their account is locked. The default maximum is 5. Attempts reset after the Account Lock Period expires. |
Login Period [r] | Provide the number of seconds during which a user can try to log in, up to their Maximum Login Attempts. The default setting is 300 seconds. If a user doesn’t successfully log in during this period, their account is locked. |
Account Lock Period [r] | Provide the number of minutes a user’s account remains locked. The default setting is 360 minutes. If you enter 0, accounts will remain permanently locked unless an administrator manually unlocks them. |
Unlock upon password reset | If Enable is selected, users can reset their passwords to unlock their accounts. If Disable is selected, users can wait for the Account Lock Period to expire or administrators can unlock accounts. |
Active Session Termination | |
Forced Expiry [r] | When enabled, users will automatically be logged out of the system after the maximum number of hours. |
Maximum Session Age | Maximum amount of time a user session can be active. |
Inactive Session Timeout | |
Maximum Inactivity [r] | The maximum amount of time a user session can be inactive before being automatically logged out. The maximum amount of time for an inactive session must be set between 15-480 minutes. |
Concurrent Session Control | |
Concurrent Sessions [r] | The number of active sessions a user may have at one time across all authentication types, including mobile apps. Options are 1, 2, 3, or unlimited. |