Maximize failed login unlock timeout duration [Updated in Security Center 1.3]

  • Release version: Washingtondc
  • Updated May 30, 2025

    Two script actions are available that enable a site administrator to manage the number of times a user can provide an incorrect password before being locked out from the ServiceNow AI Platform. You can enable either of these script actions to manage failed login attempts.

    Help secure your instance against brute force attacks by defining a time period during which a user cannot attempt to log in after being locked out. The glide.user.unlock_timeout_in_mins system property unlocks the user account after the time period that is specified in its value. If no value is specified, your instance unlocks the user account after the default period of 15 minutes.

    Set the glide.user.unlock_timeout_in_mins system property value to a minimum of 15. If glide.user.unlock_timeout_in_mins does not exist, the default lockout time is set to 15 minutes.

    Ensure that the SNC User Lockout Check with Auto Unlock script action (found on the Script Action [sysevent_script_action] table) is present and active. The SNC User Lockout Check with Auto Unlock script action is installed with the High Security Settings (com.glide.high_security) plugin.

    More information

    Attribute: Description
    Configuration name:
    • glide.user.unlock_timeout_in_mins (System Property)
    • sysevent_script_action (Script Action)
    Configuration type: System Policy > Script Actions
    Category: Authentication
    Purpose: To enforce a strict policy for failed login attempts to avoid brute forcing of credentials.
    Recommended value:
    • 15 for the glide.user.unlock_timeout_in_mins system property
    • Active for the SNC User Lockout Check with Auto Unlock script action.
    Functional impact: This remediation enables the administrator of the instance to monitor and report any malicious user access. No functionality impact, only a user experience change.
    Security risk:
    • Severity Score: 6.8
    • Security Risk Details: If the property is not configured to a secure value and the lockout duration is not enabled, it may be easier to brute force account logins in a shorter time frame. This may allow a malicious user to eventually obtain unauthorized access to the instance. Impact on the instance will be limited to the privileges of the user whose login was brute-forced.

    Steps to configure

    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check script actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
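
To verify the result of these steps across instances, the check below audits exported rows from the System Property and Script Action [sysevent_script_action] tables against the recommended values on this page. It is an added example, not ServiceNow code: the function name, the input shape (rows with string `name`, `value` and `active` fields, as a table export would give) and the sample rows are assumptions.

```javascript
// Added example: offline audit of exported records against this page's recommendations.
// Assumed input: arrays of row objects whose fields are strings (e.g. active: 'true').
const PROP = 'glide.user.unlock_timeout_in_mins';
const ACTION = 'SNC User Lockout Check with Auto Unlock';
const MIN_MINUTES = 15; // minimum and default value stated on this page

function auditLockout(sysProperties, scriptActions) {
  const findings = [];

  // Property check: an absent or empty property falls back to the 15-minute default.
  const prop = sysProperties.find((r) => r.name === PROP);
  const raw = prop ? String(prop.value ?? '').trim() : '';
  if (raw === '') {
    findings.push({ check: PROP, ok: true, detail: 'not set, default of 15 minutes applies' });
  } else {
    // Accept only whole numbers; anything else is reported rather than coerced.
    const minutes = /^\d+$/.test(raw) ? Number(raw) : NaN;
    const ok = Number.isInteger(minutes) && minutes >= MIN_MINUTES;
    findings.push({
      check: PROP,
      ok,
      detail: ok ? `${minutes} minutes` : `value "${raw}" is below ${MIN_MINUTES} or not a whole number`,
    });
  }

  // Script action check: the Auto Unlock variant must exist and be active.
  const action = scriptActions.find((r) => r.name === ACTION);
  const active = Boolean(action) && String(action.active).toLowerCase() === 'true';
  findings.push({
    check: ACTION,
    ok: active,
    detail: !action ? 'script action not found' : active ? 'active' : 'present but inactive',
  });

  return { compliant: findings.every((f) => f.ok), findings };
}

// Constructed sample rows (not taken from a real instance).
const sampleProperties = [{ name: PROP, value: '5' }];
const sampleActions = [
  { name: 'SNC User Lockout Check', active: 'true' },
  { name: ACTION, active: 'false' },
];

console.log(JSON.stringify(auditLockout(sampleProperties, sampleActions), null, 2));
```

With the constructed rows, both checks fail: the timeout is below 15 and the Auto Unlock script action is present but inactive.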