Hi,
To reduce maintance costs and to keep certain people out of our systems we would like to get more control on account logon auditing.
We like to have a certain set of features when IAM is used for access control.:
- To register failed logins (by logging this in IAM)
- In which it would be nice to get an IP-adress with that failed login. (reverse proxy headers)
- To set certain lockout threshold (i.e. #of failed logins)
- To lock accounts when failed logins are over said certain threshold (i.e. 3 failed logins and account is locked)
- To set the lockout duration (i.e. 15 minutes) where 0 = indefinite lockout
rgds, Ricky