Hi Team,
I have a requirement to put a time-based limit for sending OTP, so the requirement is that before sending OTP using OTP generator or sender we can put a restriction that the following user should have limit of only 5 OTP in 30 min duration, if user has retry the OTP or trigger the OTP tree for 6 th times within 30 min of login then it should go for message like ‘try after 30 min’, Can we have a check on how many times does the OTP generator node has been trigger for the following user and when was the first time it got trigger and the latest time and count.
Please advice.
Regards
You can use retry limit decision Retry Limit Decision node :: AM 7.3.1
But for duration purposes you can use AM Console, authentication, settings account lockout tab
Hi @SelinKamasYilmaz,
Thankyou for your reply.
But before using retry limit decision, we have to check for the condition like if the user has trigger for OTP Journey and the before HTOP generator node this condition should be fulfilled like OTP generated for user is under 5 times and its under 30 min.
If I user account lockout setting then it will be lock the account and in my scenario no user will be locked out only the OTP will be restricted.
[quote=“TanaySinha49, post:3, topic:5765”]
You can add retry limit decision after otp collector node or I wrote my own scripted decision node to collect otp node and put our own logic there.
Account Lockout is not option then for you, you use scripted decision node with timers maybe
Does FR saves count for of OTP generated for the user and if yes how we can fetch it in script.
I would take a different approach as such properties do not span the Authentication Session.
If we can agree that each request of an otp implies a new authentication session then, I would store the count-otp and time-otp in the user profile. Then, your necessary business rules may be applied via script, sourcing such criteriafrom the profile.
Of course, the complication is, how can you be guaranteed that the user profile is in fact in scope and not the target from the unauthorized, if authentication never completed?
Hi TanaySinha49,
We’re working to enhance the community experience. If you found the information helpful in addressing your inquiry, please select the Best Answer and click the checkbox below the reply to mark the issue as Solved.
We highly encourage our members to use this feature, this helps other community members easily find solutions to similar questions and also acknowledges the valuable contributions of our community members.
If you need any assistance with how to mark a response as ‘Solved’, please let me know—I’m happy to help.
Thank you for your contribution!
Sheila