---
title: Configuring user account lockout settings
description: Configure settings to lock user accounts based on too many failed authentication attempts.
component: pingfederate
version: 13.0
page_id: pingfederate:administrators_reference_guide:pf_config_user_account_lockout_settings
canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_config_user_account_lockout_settings.html
revdate: July 8, 2025
section_ids:
  steps: Steps
  related-links: Related links
---

# Configuring user account lockout settings

Configure settings to lock user accounts based on too many failed authentication attempts.

## Steps

1. Edit the `<pf_install>/pingfederate/server/default/data/config-store/com.pingidentity.common.security.AccountLockingService.xml` file.

   The following table provides more information about the file properties.

   |   |                                                                                                |
   | - | ---------------------------------------------------------------------------------------------- |
   |   | If you're running PingFederate in a clustered environment, edit this file on the console node. |

   | Property                 | Description                                                                                                                                                                                                                        |
   | ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | `MaxConsecutiveFailures` | The maximum number of failed attempts before a user is locked out for a time period.The default value is `3`.&#xA;&#xA;The per instance setting in the HTML Form Adapter and the Username Token Processor overrides this property. |
   | `LockoutPeriod`          | The amount of time in minutes that a user is locked out when the `MaxConsecutiveFailures` threshold is reached.The default value is `1` minute.                                                                                    |

2. Save the change.

3. Restart PingFederate.

4. If you're running PingFederate in a clustered environment, click **Replicate Configuration** in **System > Server > Cluster Management**.

## Related links

* [Configuring an HTML Form Adapter instance](pf_config_html_form_adapt_instance.html)

* [Configuring a Username Token Processor instance](pf_config_username_token_processor_instance.html)