Blog

Preventing and Resolving User Locks in OAC

Generally, when an Oracle Analytics Cloud (OAC) Essbase user attempts to log in unsuccessfully a consecutive number of times in Oracle Identity Cloud Service, the users' account will lock. The user then receives a notification that contains a link that the user can click to reset their password and unlock their account. An administrator also can unlock accounts without requiring a password reset.

However, rarely, an admin user's account locks periodically when the user has reset their password and hasn't entered an invalid password after the reset. The periods between lockouts depend on the frequency of the service instance access storage runs (for example database backups) as well as the Identity Domain Cloud Service (IDCS) setting for 'Number of failed attempts before locking account'. The max number is configurable in IDCS.

Typically, the admin user's account locks after resetting the password when the password has expired. For the admin, the password stored in the storage configuration should change immediately after or before expiration to prevent each subsequent run of backup resulting in an invalid login attempt. If this is not changed prior to expiration, the user's account will lock after the backup run meets the number of failed login attempts per the Password policy.

To prevent the admin user's account from periodic locks, the admin user should change their password before it expires per the IDCS password policy. Your OAC Essbase password policy can be found at adminconsole --> Settings --> Password Policy.

Preventing and Resolving User Locks in OAC

If the admin user's account password expires prior to reset, restore the password to the original value before the expiration. To do this, the password likely needs to reset to unique values multiple times based on the number of "Previous passwords remembered" in the password policy. In the example above, the admin password should be reset 4 times before restoring to the expired password value.

After this, if you require a new password, you can leave the password as is until the next account is due to expire, or you can successfully change the password to a new value. If you change the password after restoring, be sure to immediately identify all services storing the password and change the password value prior to the next backup run.

Contact MindStream Analytics

Still have questions? Fill out the form below to talk to a MindStream consultant.


Latest testimonial

MindStream Analytics is a leading consulting firm focused on helping clients improve business understanding and decision making. With years of experience in the analytics and Business Performance Management area, MindStream offers customers services ranging from software selection and implementation to best practices for financial planning. MindStream will work with customers towards a solution that enhances value and offers more insight into their data. MindStream believes in the power of technology combined with new procedures to give customers better analytic capabilities


Partner SpotLight

Oracle Partner

Oracle

Oracle has the most comprehensive suite of integrated, global business applications that enable organizations to make better decisions, reduce cost..

Oracle Profile

Share: