Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
jstan
Staff
Staff

Created on ‎09-17-2020 01:34 AM Edited on ‎08-08-2025 02:11 AM By Staff

Article Id 197308

Technical Tip: FortiAuthenticator Inactive user lockout policy

Description


This article describes the behavior of user inactive lockout policy for local users. This does not work on Remote users.

 

Scope

 

FortiAuthenticator.

Solution


User inactive lockout policy can be configured so that inactive users are disabled after a period of inactivity (It can be configured between 1-1825 days, default 90 days).

edit1.png

 

Disabled users will not be able to authenticate via FortiAuthenticator and an admin user has to manually enable the user in order to re-activate it.

However, do take note that this option is only applicable to Local users defined under User Management -> Local Users, Remote users are not affected by this policy.  For remote users, it is expected for the RADIUS/LDAP/TACACS+ server to implement by returning an authentication failure for the account.

 

Related document:

Lockouts 

3675
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.