Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X

Capture User Account Lockout Event

Ramkumar
10-Marble

Capture User Account Lockout Event

Is there a way to capture the user lock event, when user gets automatically locked as per User Account Lockout Settings in UserManagementSubsystem.

We would like to capture the time(last updated) when user was locked/unlocked as part of audit.

Also if user is locked manually through service,still user gets unlocked as per settings.Is there a way to keep user locked until user is manually unlocked

ACCEPTED SOLUTION

Accepted Solutions
slangley
23-Emerald II
(To:yanchen)

Hi @Ramkumar.

 

Assuming you're running ThingWorx 8.x, you can set the Minutes Locked Out setting to 0 to prevent the account from automatically unlocking.  Please refer to this page in the Help Center that discusses this.

 

For alerting on an automatically locked user, you can make use of the LoginFailed event on the SecurityMonitor thing.  This event is thrown every time a user fails a login attempt.  By subscribing to this event, you can then trigger the isLocked service for that user to check the user status.  This returns a boolean--if locked it will be true.  If true, you can then respond per your needs.

 

For a manual locked scenario, you can write a custom service that wraps the LockUser service (exists on the user entity) and also executes the triggering of your alert and any other actions required.  You would use this service as opposed to running any out-of-the-box services as this will trigger your logic.

 

For your last question regarding closing an active user session when the user is manually locked, this is the behavior in the latest versions of ThingWorx.  If you are seeing different behavior, please let us know which ThingWorx version you are running.

 

 

Regards.

 

--Sharon

View solution in original post

6 REPLIES 6
yanchen
15-Moonstone
(To:Ramkumar)

Hi,

we may use GetLockedUsers service to fulfill this (add timestamp?):

Resources["EntityServices"].GetLockedUsers()

Also ThingWorx application log reports user lock information as well.

 

The settings in UserManagementSubsystem are global, whenever manually log in failure or service lock event, both events apply, so it may not fulfill this to separate both scenarios.

 

yanchen
15-Moonstone
(To:yanchen)

Also, in database user_model table , there are settings named locked and lockedTime which you can use.

Resources["EntityServices"].GetLockedUsers() service will give you list of locked users.

However we would like to capture the time when user gets locked/unlocked automatically due to unsuccessful login attempts.

 

Is there a way to subscribe for lock event so that we can look up the user_model table for lockedTime?

 

Also is there any way to differentiate if user is locked manually or automatically?Because,if user is manually locked, then we do not want to modify updatedTime property after user gets unlocked automatically in the background as per UserManagementSubsystem setting

 

Note:If user is manually locked, we are disabling the user(as a work around) ,so that user can login successfully  only when user is manually enabled

Also is it possible to force logout a user, if user is locked manually. E.g. I have a user logged into a Dashboard(Mashup) and that user is being locked by Administrator from a different browser.Now is it possible for the user being logged out,once it gets locked?

slangley
23-Emerald II
(To:yanchen)

Hi @Ramkumar.

 

Assuming you're running ThingWorx 8.x, you can set the Minutes Locked Out setting to 0 to prevent the account from automatically unlocking.  Please refer to this page in the Help Center that discusses this.

 

For alerting on an automatically locked user, you can make use of the LoginFailed event on the SecurityMonitor thing.  This event is thrown every time a user fails a login attempt.  By subscribing to this event, you can then trigger the isLocked service for that user to check the user status.  This returns a boolean--if locked it will be true.  If true, you can then respond per your needs.

 

For a manual locked scenario, you can write a custom service that wraps the LockUser service (exists on the user entity) and also executes the triggering of your alert and any other actions required.  You would use this service as opposed to running any out-of-the-box services as this will trigger your logic.

 

For your last question regarding closing an active user session when the user is manually locked, this is the behavior in the latest versions of ThingWorx.  If you are seeing different behavior, please let us know which ThingWorx version you are running.

 

 

Regards.

 

--Sharon

slangley
23-Emerald II
(To:slangley)

Hi @Ramkumar.

 

If one of the previous posts answered your question, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

Announcements


Top Tags