User Guide Getting Started Help Center Documentation Community Training
Looker
  
English
Français
Deutsch
日本語
Login Lockouts

Looker automatically locks out user accounts for five minutes after someone has tried to log in to an account and failed to enter the proper credentials four times in a row from a single IP address. If an account is locked, that account is not allowed to login from that same IP address, even with the proper credentials, until the five-minute lockout period expires. Lockouts occur on a per-user credential and per-IP address basis, so a user credential that is locked out on an IP address can still attempt to log in from a different IP address, or a different user credential can attempt to log in from that same IP address.

The lockout policy does not apply to SSO embed users.

The Login Lockouts page in the Users section of the Admin menu shows a list of user credentials that are currently locked out because their owners exceeded the maximum number of failed login attempts:

Included Information

Column Definition
User ID The user ID associated with the locked account. If there is not an account associated with the credentials used for the unsuccessful login attempts, this column is empty.
Name The name associated with the locked account. If there is not an account associated with the credentials used for the unsuccessful login attempts, this column shows “No matching account.”
Email The email address used with the unsuccessful login attempts.
Time Remaining The amount of time left before the account unlocks.
Authentication Type The authentication method through which the unsuccessful login attempts were made. Possible options are:

  • email: Invalid email address and password combination
  • api: Invalid Looker API credentials
  • totp: Invalid two-factor authentication codes
  • ldap: Invalid LDAP credentials
  • IP Address The IP address from which the unsuccessful logins were attempted.
    Actions Shows the Unlock button, which lets you unlock the user account.

    Unlocking an Account

    Looker admins can unlock an account that is currently locked, letting that user attempt to log in again before the five-minute lockout period expires. Click the Unlock button next to the user account you want to unlock to display a dialog box letting you unlock the user account:

    If there is a user account associated with the credentials used for the login attempts, the dialog box includes a link to that user account page.

    Top