Issue: Account Lockout threshold missing

Description:

Having no lockout threshold allows a hacker to launch a very effective brute-force attack to guess users' passwords. Using an account lockout threshold of 3 or lower will significantly limit the effectiveness of any brute-forcing attempts.

Remediation:

This can be addressed within the host application by setting account lockout limits. The host application's login account settings are beyond the scope of ZIETrans applications.

However, using the ZIETrans Web Express Logon feature, you can integrate the ZIETrans application's host login with any supported SSO provider. The SSO provider's user account is then used to log in instead of the host application's user account. The account lockout threshold can be configured in the SSO provider's user account configuration; the exact settings vary depending on the SSO provider.

Refer to the following link for more information about enabling Web Express Logon (WEL) in ZIETrans:

Security and Web Express Logon