Is there a way to capture the user lock event, when user gets automatically locked as per User Account Lockout Settings in UserManagementSubsystem.
We would like to capture the time(last updated) when user was locked/unlocked as part of audit.
Also if user is locked manually through service,still user gets unlocked as per settings.Is there a way to keep user locked until user is manually unlocked
Hi
Assuming you're running ThingWorx 8.x, you can set the Minutes Locked Out setting to 0 to prevent the account from automatically unlocking. Please refer to this page in the Help Center that discusses this.
For alerting on an automatically locked user, you can make use of the LoginFailed event on the SecurityMonitor thing. This event is thrown every time a user fails a login attempt. By subscribing to this event, you can then trigger the isLocked service for that user to check the user status. This returns a boolean--if locked it will be true. If true, you can then respond per your needs.
For a manual locked scenario, you can write a custom service that wraps the LockUser service (exists on the user entity) and also executes the triggering of your alert and any other actions required. You would use this service as opposed to running any out-of-the-box services as this will trigger your logic.
For your last question regarding closing an active user session when the user is manually locked, this is the behavior in the latest versions of ThingWorx. If you are seeing different behavior, please let us know which ThingWorx version you are running.
Regards.
--Sharon
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
