Generally, when an
Oracle Analytics Cloud (OAC) Essbase
user attempts to log in unsuccessfully a consecutive number of times in Oracle Identity Cloud Service, the users' account will lock. The user then receives a notification that contains a link that the
user can click to reset their password and unlock their account. An administrator also can unlock accounts without requiring a password reset.
However, rarely, an admin user's account locks periodically when the user has reset their password and hasn't entered an invalid password after the reset. The periods between lockouts depend on the frequency
of the service instance access storage runs (for example database backups) as well as the
Identity Domain Cloud Service (IDCS)
setting for 'Number of failed attempts before locking account'. The max number is configurable in IDCS.
Typically, the admin user's account locks after resetting the password when the password has expired. For the admin, the password stored in the storage configuration should change immediately after or
before expiration to prevent each subsequent run of backup resulting in an invalid login attempt. If this is not changed prior to expiration, the user's account will lock after the backup run meets the
number of failed login attempts per the Password policy.
To prevent the admin user's account from periodic locks, the admin user should change their password before it expires per the IDCS password policy. Your
password policy can be found at adminconsole --> Settings --> Password Policy.
If the admin user's account password expires prior to reset, restore the password to the original value before the expiration. To do this, the password likely needs to reset to unique values multiple
times based on the number of "Previous passwords remembered" in the password policy. In the example above, the admin password should be reset 4 times before restoring to the expired password value.
After this, if you require a new password, you can leave the password as is until the next account is due to expire, or you can successfully change the password to a new value. If you change the password
after restoring, be sure to immediately identify all services storing the password and change the password value prior to the next backup run.