1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

    For more information, see the inline comments and the following table.

    Property Description
    MaxConsecutiveFailures The maximum number of failed attempts before a user is locked out for a time period.

    The default value is 3.

    Note:

    The per-instance setting in the HTML Form Adapter and the Username Token Processor overrides this property.

    LockoutPeriod The amount of time in minutes that a user is locked out when the MaxConsecutiveFailures threshold is reached.

    The default value is 1 minute.

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.
  3. Restart PingFederate.
  4. If you have a PingFederate clustered environment, click Replicate Configuration in System > Server > Cluster Management.