Symantec IGA

  • Private Community
 View Only

  • 1.  Tracking Failed Form Entry Attempts

    Posted May 18, 2018 08:59 AM

    Is there a way to track failed attempts for a field in a form?

    For example, if a user attempts to confirm password on a modified form and fails three times, I would like to send an email to an admin/manager that that an invalid attempt to confirm password was made.

    The only OOTB failed attempt tracking (that I know of) is for Forgot Password QnA process.



  • 2.  Re: Tracking Failed Form Entry Attempts
    Best Answer

    Broadcom Employee
    Posted May 18, 2018 06:58 PM

    If you are submitting the form for processing on IDM, you can configure a px policy for this task to achieve this business need.

    Note:  You also need to store the current strike of failed attempts in the user attribute available on screen for this purpose. On form create a hidden property to match this attribute ( target).



  • 3.  Re: Tracking Failed Form Entry Attempts

    Posted May 30, 2018 12:59 AM

    I used ‘Validate on Change’ UI event and was able to track failures (to update the form field).

    However, when the third attempt was successful, the PX still sent an email to the admin.



  • 4.  Re: Tracking Failed Form Entry Attempts

    Broadcom Employee
    Posted May 30, 2018 04:42 AM

    What is the email policy you are using to send email? How are you checking the strike count before sending the email?

    Please provide the email policy details here.



  • 5.  Re: Tracking Failed Form Entry Attempts

    Posted May 30, 2018 08:59 AM

    I update (add values to) a multi-valued attribute and at each validation check the length of the of the attribute in the one PX-1. I am also updating a second attribute (from another PX-2 policy-Submission/Validate on Submit, tried both) if the attempt is successful. PX-2 has a lower priority number. However PX-1 is not able to read the attribute set by PX-2 in time to stop processing. This approach may be overly complex.



  • 6.  Re: Tracking Failed Form Entry Attempts

    Broadcom Employee
    Posted May 30, 2018 02:13 PM

    Yes, it seems overly complex logic.

     

    Try this simple approach ( assuming you are using IM forms/screen and not Identity Portal form).

    1-  Define a password policy: Enable Track failed logins or successful logins

    Enable Additional Password Policies - CA Identity Manager - 14.0 - CA Technologies Documentation 

    2-  Configure this policy to disable account once the failed attempts exceeded the configured number.

     

    3-  Now define an Email policy that will trigger an email on Account Disable Event.

     



  • 7.  Re: Tracking Failed Form Entry Attempts

    Posted May 31, 2018 09:26 AM

    I am tracking failed attempts to submit passwords on specific tasks.

    For example: if the user fails to submit the correct new password (confirm password or current password) on the 'Change My Password' or 'Reset User Password' task. 

    The configuration on the password policy only track login attempts.