Invalid MFA Attempts

You can now set a maximum number of invalid MFA attempts for a user to prevent them from trying to answer the MFA indefinitely. The selected MFA factor will get disabled for a duration defined by the administrator. During this time, the user can use other MFA factors. The number of invalid attempts disables duration, and the administrator can configure the time window for invalid attempts.

1. Navigate to Security > Invalid MFA Attempts from the menu.

   

2. Enter the following details:

   • Number of incorrect MFA attempts: Enter the maximum number of attempts that a user can enter a wrong Email/SMS OTP or Challenge Response answer.
     Example:  Assume that x is 5, y is 3 mins, and z is 15 mins. Then, if the user makes five invalid OTP attempts within 3 mins, disable the MFA factor for 15 mins. The user must be able to use that MFA factor only after 15 mins have passed.

   • Invalid attempts time window: Enter the duration for tracking the number of invalid attempts within this duration.

   • Disable MFA factor after invalid attempts: Enter the duration for which the MFA will be disabled for an incorrect Email or SMS OTP or Challenge Response answer.

3.  Click Save.