Description
This article describes the behavior of user inactive lockout policy for local users. This does not work on Remote users.
Scope
FortiAuthenticator.
Solution
User inactive lockout policy can be configured so that inactive users are disabled after a period of inactivity (It can be configured between 1-1825 days, default 90 days).
Disabled users will not be able to authenticate via FortiAuthenticator and an admin user has to manually enable the user in order to re-activate the user.
However, do take note that this option is only applicable to Local users defined under User Management -> Local Users, Remote users are not affected by this policy. For remote users, it is expected for the RADIUS/LDAP/TACACS+ server to implement by returning an authentication failure for the account.
However, do take note that this option is only applicable to Local users defined under User Management -> Local Users, Remote users are not affected by this policy. For remote users, it is expected for the RADIUS/LDAP/TACACS+ server to implement by returning an authentication failure for the account.
Related document:
