Subscription administrators can set a user password lockout policy that limits the number of times a user may unsuccessfully attempt to log in to Rally Software®. This greatly enhances the security of your subscription and inhibits attempts by unauthorized users to access your Rally subscription. To keep unauthorized users from attempting to breach your Rally security by guessing passwords, you can set the lockout fields for your entire subscription.


To set password lockout:
- Click the Setup link from the Rally navigation bar in the upper-right corner of the Rally display.
- Click the Subscription tab.
- From the Actions button, select Edit Subscription.
- In the Password Policies section, enter a number of invalid attempts before a lockout occurs and the length of time the user is locked out.
- If a user exceeds the maximum number of invalid login attempts, they receive an error message stating that the account has been locked and instructing them to contact their subscription administrator. If the subscription has email notifications enabled, the user will also receive an email stating that they have been locked out and the length of time they are locked out per the subscription configuration.
- The system administrator can edit the user account and unlock it by clearing the checkmark from the field "This account is locked. Click to unlock". After this change is saved, the account is successfully unlocked and the user may now access the Rally subscription.
- Click Save & Close.
Notes:
- The system administrator can monitor those accounts that have been locked by viewing the User summary page. The status field displays a value of Active and Locked for any user that is locked out.
- If email notifications are disabled for the subscription, the subscription administrator is required to enter a user password during the unlocking process. The subscription administrator can enter the existing user password or set a new user password.
- A common cause of users being continually locked out is an integration, script, connector (such as Subversion or Eclipse) or other automated process running in the background whose credentials have not been updated. These failed logins count towards the invalid attempt limit and will eventually lock the user after reaching the set number of tries. Investigate any web services processes that might be using those credentials to see if modifications are needed.
In addition to simply waiting for the lockout period to expire, Workspace or Subscription Administrators can manually unlock user accounts by going to Setup > Users and clicking the Edit option for that individual.
When a user is locked there will be a checkbox with the label "This account is locked. Click to unlock". Simply uncheck the box, select Save & Close and the user will be able to try accessing Rally again.
It may also be helpful to select the box for "Did this user forget their password" at the same time so the automatic password reset email will be generated and the user can update their credentials.
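
The note above about integrations and scripts with outdated credentials can be checked from authentication records. The following Python code is an added example, not part of the Rally documentation or product: it separates lockouts caused by a scheduled process from those caused by irregular, interactive failures. The log layout, the user and client names, the `jitter` threshold and the choice to count failures per user and client without resetting on success are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp user client result". This layout is an
# assumption for the example, not a Rally log or export format.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice svn-connector FAIL
2024-05-01T09:05:00 alice svn-connector FAIL
2024-05-01T09:10:00 alice svn-connector FAIL
2024-05-01T09:15:00 alice svn-connector FAIL
2024-05-01T09:16:12 alice browser OK
2024-05-01T10:02:03 bob browser FAIL
2024-05-01T10:02:41 bob browser FAIL
2024-05-01T10:03:05 bob browser OK
2024-05-01T11:00:00 carol browser FAIL
2024-05-01T11:00:09 carol browser FAIL
2024-05-01T11:01:47 carol browser FAIL
2024-05-01T11:04:30 carol browser FAIL
"""

def parse(log):
    """Yield (time, user, client, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, client, result = line.split()
            yield datetime.fromisoformat(ts), user, client, result == "OK"

def lockout_causes(log, max_attempts, jitter=0.1):
    """Classify each (user, client) whose failures reach the lockout limit.

    "automated": near-constant gaps between failures, as a scheduled job
    with stale credentials produces. "interactive": irregular gaps (a
    person mistyping, or password guessing), which needs a human review.
    """
    failures = defaultdict(list)
    for when, user, client, ok in parse(log):
        if not ok:
            failures[(user, client)].append(when)
    report = {}
    for key, times in failures.items():
        if len(times) < max_attempts:
            continue  # too few failures to have triggered a lockout
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = len(gaps) >= 2 and pstdev(gaps) <= jitter * mean(gaps)
        report[key] = "automated" if regular else "interactive"
    return report
```

Set `max_attempts` to the number of invalid attempts configured in the Password Policies section. An "automated" result points to a process whose stored credentials need updating before the account is unlocked.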