Brute Force Protection
Enji is committed to data safety. This guide explains how to ensure that an organization’s Enji site is safe from brute force attacks.
To protect against multiple failed login attempts in Enji, activate the Max Login Attempts feature in Settings -> Company Settings-> Feature Settings. In the input field, enter the maximum allowed number of login attempts and save the changes.
If a user exceeds this limit, their account will be locked, and they will see the message:
Too many attempts. Please contact your Enji administrator.
Only users with the Stakeholder role or those with additional permissions as Role Manager can unlock a blocked account.
To unlock a user account:
1. Navigate to HR -> Employees -> User ID.
2. Go to the Account tab and click on the ID of the account that was locked during the login attempts.
3. In the pop-up window, click the Unlock button.
After that, the user can attempt to log in again.
If a user has lost their password and the "Forgot Password" option does not work, administrators can set a new password for the user by clicking the Set Password button in the same window and then providing the new password to the user.