From 510d0eba65fb1f5ad7ac4ee2d70a8e8ecc29d7f0 Mon Sep 17 00:00:00 2001 From: bohdan-demediuk-nwx Date: Wed, 29 Apr 2026 13:09:31 +0300 Subject: [PATCH 1/6] #392964: ccount Policy - Weak Lockout Policy - GroupID Identity Store doc --- docs/directorymanager/11.1/admincenter/signin.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index f42d5fb473..1b5f06e134 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -105,6 +105,17 @@ For second factor authentication, one of the following applies: authentication type to authenticate. See the [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic. +## Login Throttling + +To protect against brute-force attacks, Directory Manager enforces login throttling for system user accounts based on the originating IP address. This applies when signing in using the Directory Manager provider. + +- You have up to 3 consecutive failed sign-in attempts before your IP address is locked out. +- After 3 failed attempts, your IP address is blocked for 5 minutes. +- When the lockout expires, one additional attempt is granted: + - If the attempt fails, your IP address is locked out for another 5 minutes. + - If the attempt succeeds, the attempt counter resets and you regain the full 3-attempt allowance. +- A successful sign-in at any point resets the attempt counter. + ## Sign Out In the Admin Center, click your name in the top right corner and select **Sign Out**. From 8ce102f5e3e50ab15596d05974e49af988cab85f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 29 Apr 2026 10:10:46 +0000 Subject: [PATCH 2/6] fix(vale): auto-fix substitutions and removals --- docs/directorymanager/11.1/admincenter/signin.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index 1b5f06e134..16ad3dfb04 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -7,7 +7,7 @@ sidebar_position: 40 # Access Admin Center Admin Center is a web-based application that can be accessed over the Internet and Intranet. It -comes with a default provider,Directory Manager, which primarily facilitates first-time login to the +comes with a default provider,Directory Manager, which primarily facilitates first-time log in to the application. Typically, the Directory Manager provider has one default user, _Super Admin_, that has full access to the Admin Center. On signing in, this user can create identity stores and configure settings to get the application ready for use. @@ -33,7 +33,7 @@ Use any of the following methods to connect and sign in: provider is configured with the selected identity store. :::note - Microsoft Entra ID MFA enabled users cannot log into Directory Manager using their + Microsoft Entra ID MFA enabled users can't log into Directory Manager using their username and password. They will be authenticated through the SAML provider configured for in Directory Manager. ::: @@ -101,7 +101,7 @@ For second factor authentication, one of the following applies: is displayed. You must enroll using at least one authentication type. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/enroll.md) topic. - If you have already enrolled your identity store account in Directory Manager, the Authenticate - page is displayed. It lists the authentication type(s) your account is enrolled with. Select an + page is displayed. It lists the authentication types your account is enrolled with. Select an authentication type to authenticate. See the [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic. From 49a47e647eaff15ecb8ceda611e5e5169bd29e8e Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 10:11:35 +0000 Subject: [PATCH 3/6] fix(vale): auto-fix rewrites (AI-assisted) --- docs/directorymanager/11.1/admincenter/signin.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index 16ad3dfb04..f7a1af126c 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -47,7 +47,7 @@ permissions in the identity store. Use one of the following methods to sign in. -- Type the Admin Center URL in the address bar of a web browser and press Enter. For example: +- Enter the Admin Center URL in the address bar of a web browser and press Enter. For example: https://[machine name]:4443//AdminCenter - On the Windows Start menu, search for the Directory Manager 11.x icon and double-click it to launch Admin Center in a browser window. @@ -60,8 +60,6 @@ You can sign in using any of the following methods: ### With your Identity Store Account -Follow the steps to signin with your identify store account. - Step 1 – On the **GroupID Authenticate** page, click an identity store to connect to. Step 2 – In the **Username** and **Password** boxes, enter the username and password of your From 6ac0477f45c43247152b5a5b5d8d89caf509d086 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 10:15:40 +0000 Subject: [PATCH 4/6] fix(dale): auto-fix documentation issues (AI-assisted) --- .../11.1/admincenter/signin.md | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index f7a1af126c..915159c89b 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -6,11 +6,11 @@ sidebar_position: 40 # Access Admin Center -Admin Center is a web-based application that can be accessed over the Internet and Intranet. It +Admin Center is a web-based application accessible over the Internet and Intranet. It comes with a default provider,Directory Manager, which primarily facilitates first-time log in to the application. Typically, the Directory Manager provider has one default user, _Super Admin_, that has full access to the Admin Center. On signing in, this user can create identity stores and configure -settings to get the application ready for use. +settings to set up the application. ## Sign In @@ -33,14 +33,14 @@ Use any of the following methods to connect and sign in: provider is configured with the selected identity store. :::note - Microsoft Entra ID MFA enabled users can't log into Directory Manager using their - username and password. They will be authenticated through the SAML provider configured for in + Microsoft Entra ID MFA enabled users can't log into Directory Manager using their + username and password. Directory Manager authenticates them through the SAML provider configured in Directory Manager. ::: Next, you may have to pass second factor authentication, depending on whether it is enabled for your -role in the identity store. You can perform tasks in the Admin Center in keeping with your role and +role in the identity store. You can perform tasks in the Admin Center according to your role and permissions in the identity store. **To Sign In** @@ -70,8 +70,7 @@ Step 3 – After providing your credentials, click **Sign In**. ### With a SAML Provider -You can opt for single sign-on across all Directory Manager clients, provided that a SAML provider -is configured with Directory Manager. See the following topics for additional information on the +You can opt for single sign-on across all Directory Manager clients, provided that you have configured a SAML provider in Directory Manager. See the following topics for additional information on the SAML provider configuration: - [Configure Directory Manager in Microsoft Entra ID for SSO](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md) @@ -81,7 +80,7 @@ On the **GroupID Authenticate** page, click the button or image for the provider in. :::note -For Microsoft Entra ID MFA enabled users, a SAML provider must be configured for signing into +For Microsoft Entra ID MFA enabled users, you must configure a SAML provider for signing into Directory Manager. ::: @@ -91,15 +90,15 @@ Directory Manager. The administrator can enable second factor authentication for a security role in an identity store. If enabled for your role in the identity store, you must pass second factor authentication after -signing in via any of the above methods. +signing in via any of these methods. For second factor authentication, one of the following applies: -- If you have not enrolled your identity store account in Directory Manager, the Enroll Account page - is displayed. You must enroll using at least one authentication type. See the +- If you have not enrolled your identity store account in Directory Manager, Directory Manager displays the Enroll Account page. + You must enroll using at least one authentication type. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/enroll.md) topic. -- If you have already enrolled your identity store account in Directory Manager, the Authenticate - page is displayed. It lists the authentication types your account is enrolled with. Select an +- If you have already enrolled your identity store account in Directory Manager, Directory Manager displays the Authenticate + page. It lists the authentication types your account is enrolled with. Select an authentication type to authenticate. See the [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic. From 4aaf88d6b01672383285c7616f0ff938785b1ec8 Mon Sep 17 00:00:00 2001 From: bohdan-demediuk-nwx Date: Mon, 4 May 2026 08:21:43 +0300 Subject: [PATCH 5/6] Updated wording after AI review --- docs/directorymanager/11.1/admincenter/signin.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index 915159c89b..f43da7b8aa 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -102,17 +102,21 @@ For second factor authentication, one of the following applies: authentication type to authenticate. See the [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic. -## Login Throttling +## Sign-in Throttling -To protect against brute-force attacks, Directory Manager enforces login throttling for system user accounts based on the originating IP address. This applies when signing in using the Directory Manager provider. +To protect against brute-force attacks, Directory Manager enforces sign-in throttling based on the originating IP address. This applies when signing in using the Directory Manager provider. -- You have up to 3 consecutive failed sign-in attempts before your IP address is locked out. -- After 3 failed attempts, your IP address is blocked for 5 minutes. -- When the lockout expires, one additional attempt is granted: +- After 3 consecutive failed sign-in attempts, your IP address is blocked for 5 minutes. +- When the lockout expires, you get one additional attempt: - If the attempt fails, your IP address is locked out for another 5 minutes. - If the attempt succeeds, the attempt counter resets and you regain the full 3-attempt allowance. - A successful sign-in at any point resets the attempt counter. +:::note +Locked IP addresses are automatically unblocked after the 5-minute timeout. To unblock an IP address immediately, an administrator can delete its record from the `ProviderLoginThrottle` table in the Directory Manager database. +::: + + ## Sign Out In the Admin Center, click your name in the top right corner and select **Sign Out**. From e6f898e578022c51b13ae26b0870d13675a2679c Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 05:24:57 +0000 Subject: [PATCH 6/6] fix(vale): auto-fix style issues (Vale + Dale) --- docs/directorymanager/11.1/admincenter/signin.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/admincenter/signin.md index f43da7b8aa..af334ad58a 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/admincenter/signin.md @@ -39,8 +39,8 @@ Use any of the following methods to connect and sign in: ::: -Next, you may have to pass second factor authentication, depending on whether it is enabled for your -role in the identity store. You can perform tasks in the Admin Center according to your role and +Next, you may have to pass second factor authentication, depending on whether your role in the +identity store requires it. You can perform tasks in the Admin Center according to your role and permissions in the identity store. **To Sign In** @@ -70,7 +70,7 @@ Step 3 – After providing your credentials, click **Sign In**. ### With a SAML Provider -You can opt for single sign-on across all Directory Manager clients, provided that you have configured a SAML provider in Directory Manager. See the following topics for additional information on the +You can use single sign-on across all Directory Manager clients if you have configured a SAML provider in Directory Manager. See the following topics for additional information on the SAML provider configuration: - [Configure Directory Manager in Microsoft Entra ID for SSO](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md) @@ -98,7 +98,7 @@ For second factor authentication, one of the following applies: You must enroll using at least one authentication type. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/enroll.md) topic. - If you have already enrolled your identity store account in Directory Manager, Directory Manager displays the Authenticate - page. It lists the authentication types your account is enrolled with. Select an + page. It lists the authentication types you enrolled with. Select an authentication type to authenticate. See the [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic. @@ -106,14 +106,14 @@ For second factor authentication, one of the following applies: To protect against brute-force attacks, Directory Manager enforces sign-in throttling based on the originating IP address. This applies when signing in using the Directory Manager provider. -- After 3 consecutive failed sign-in attempts, your IP address is blocked for 5 minutes. +- After 3 consecutive failed sign-in attempts, Directory Manager blocks your IP address for 5 minutes. - When the lockout expires, you get one additional attempt: - - If the attempt fails, your IP address is locked out for another 5 minutes. + - If the attempt fails, Directory Manager locks out your IP address for another 5 minutes. - If the attempt succeeds, the attempt counter resets and you regain the full 3-attempt allowance. - A successful sign-in at any point resets the attempt counter. :::note -Locked IP addresses are automatically unblocked after the 5-minute timeout. To unblock an IP address immediately, an administrator can delete its record from the `ProviderLoginThrottle` table in the Directory Manager database. +Directory Manager automatically unblocks locked IP addresses after the 5-minute timeout. To unblock an IP address immediately, an administrator can delete its record from the `ProviderLoginThrottle` table in the Directory Manager database. :::