Configure the Customer Account Lock Down Options for Your Website

Orckestra Commerce Cloud lets you define acceptable login behavior. You can decide how many times customers can attempt to log in to your website before access to their account is revoked. You can also determine how long the account will remain locked, once this has occurred. Locked-out customers can then wait out this lock down period or contact your customer service team to get the account unlocked.

Even though the account is locked for the customer, CSRs can still access it. Under these circumstances, the Customer Details panel will show that the account is locked down and for how long.

The Customer Account can be unlocked from the Customer Details panel Account tab. For more information, see Unlock a Customer Account.

Whenever the password is reset, the account is unlocked, even if the lock down duration time has not been reached.

Configuring lock down options for your website

1. In the Navigation panel, select Configuration.
2. Select the System Configuration tab. (This tab usually opens by default.)
3. Scroll down to the bottom of the screen.

In the Lock Down Options section, use these three settings to dictate your lock down policy:

a. Set the Maximum number of attempts before customer is locked down.
This determines the number of unsuccessful tries before the account is locked down. Once this number has been reached, the customer can no longer access the account until the Lock down duration (configured below) has passed. The default value is 5.
b. Set the Window time for failed attempts before lock down (in minutes).
This is the period during which unsuccessful login attempts are counted. It begins with the first failed login. Once this window of time has elapsed, the number of allowed attempts is reset to the value in Maximum number of attempts before customer is locked down above. The default value is 5 minutes.

Note: If a customer waits for the duration of the Window time between failed attempts, the count is reset each time, so it is possible to get more login attempts without triggering a lock down.

c. Set the Lock down duration (in minutes).
The number of minutes you enter here will determine how long the customer remains locked out of their account. Within this period, even if they provide accurate login information, they will not be granted access to the account. The only way for a customer to access their locked account is to wait until the lock down duration expires or to contact customer service to get the account unlocked. The default value is 30 minutes.
4. When you are finished, click Save.

These options are more clearly illustrated with an example. Assuming you have made the selections below: 

Maximum number of attempts before customer is locked down: 3

Window time for failed attempts before lock down (in minutes): 5

Lock down duration (in minutes): 30

If a customer fails to log in 3 times within 5 minutes, their account is locked for 30 minutes. If the customer waits 30 minutes, they will be able to try again. If they are successful, they will be able to access their account.

If the customer fails twice in a row, then waits 7 minutes, they will then be able to try 3 more times because more than 5 minutes have passed since the first unsuccessful login attempt.
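The two scenarios above can be replayed against a small model of the three settings. This is an added example, not Orckestra Commerce Cloud code: the class and function names are hypothetical, and the handling of exact boundary minutes and of the counter after a successful login are assumptions.

```python
from dataclasses import dataclass

@dataclass
class LockdownPolicy:            # defaults are the ones stated on this page
    max_attempts: int = 5
    window_minutes: float = 5
    lockdown_minutes: float = 30

class Account:
    """Hypothetical model of one account's lock down state (times in minutes)."""
    def __init__(self, policy):
        self.policy = policy
        self._clear()

    def _clear(self):
        self.window_start, self.failures, self.locked_until = None, 0, None

    def reset_password(self):
        self._clear()            # a password reset unlocks the account immediately

    def login(self, now, password_ok):
        """Return 'ok', 'failed' or 'locked' for an attempt at minute `now`."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"  # refused even with correct credentials
            self._clear()        # lock down duration has expired
        if password_ok:
            return "ok"          # assumption: a success leaves the failure counter as is
        p = self.policy
        # The window begins with the first failed login; once it has elapsed the
        # counter starts over (assumption: "elapsed" means >= window_minutes).
        if self.window_start is None or now - self.window_start >= p.window_minutes:
            self.window_start, self.failures = now, 0
        self.failures += 1
        if self.failures >= p.max_attempts:
            self.locked_until = now + p.lockdown_minutes
            return "locked"      # this failed attempt triggered the lock down
        return "failed"

def replay(policy, attempts):
    """Run constructed (minute, password_ok) attempts against a fresh account."""
    account = Account(policy)
    return [account.login(t, ok) for t, ok in attempts]

if __name__ == "__main__":
    example = LockdownPolicy(max_attempts=3, window_minutes=5, lockdown_minutes=30)
    # Constructed timelines matching the two scenarios in the text above.
    print(replay(example, [(0, False), (1, False), (2, False), (10, True), (32, True)]))
    print(replay(example, [(0, False), (1, False), (7, False), (8, False), (9, False)]))
```

When reviewing a proposed policy, replaying expected customer behavior this way shows how the Window time and the Maximum number of attempts interact before the values are saved.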

REFERENCES

Customer Configuration Details Panel
Customer Details Panel