Locked out for repeated password incorrect failures (as expected) but offers registration?
Hey just wondering about some behaviour I've noticed around login lockouts - I have my defaults for the instance set to lock an account if they have failed their password 3 times in a row, pretty standard stuff.
This does show an account is locked warning when this happens, but if they navigate to the website again in a new tab it offers them to register via google/active directory (my external IdPs) rather than just telling them they're locked out and need to contact an administrator.
If they then register with an external IdP (assuming they have an account there) it unlocks the account and allows login - but I wish to keep an account locked at this point.
Is this expected behaviour/configurable?
0 Replies