This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
User Account Locking and Account Disabling
Account locking and account disabling are security features in WSO2 Identity Server (IS) that can be used to prevent users from logging in to their account and from authenticating themselves using their WSO2 IS account. The account locking feature is used to temporarily block a user from logging in, for example, in instances where there have been many consecutive, unsuccessful login attempts. Account disabling is a more of a long-term security measure, which disables the account for a significant amount of time.Â
The following pages describe various ways the account can be locked and disabled:
- See  Enable last login and last password modified timestamps for more information on how to customize a user's profile to enable viewing of timestamps for the last time the user logged in and last time the user modified the password.
- By default, the claim values of the identity claims used in this feature are stored in the JDBC data source configured in theÂ
identity.xml
 file. See Configuring Claims for more information on how to store the claim values in the user store.