Enabling Login Controls for a Workspace

There are two different ways to configure login controls:

An Oracle Application Express administrator enables account login controls for all Application Express accounts in all workspaces across a development instance.

If your Oracle Application Express administrator configures these preferences for an instance, those settings display as the defaults for all workspaces. See "Enabling Login Controls for All Workspaces".
If the Oracle Application Express administrator does not enable login controls across an entire instance, then each Workspace administrator can enable the following controls on a workspace-by-workspace basis:
- Require end-user account expiration and locking
- Set up a maximum number of failed login attempts for end-user accounts
- Set the password lifetime for end-user accounts, that is, the number of days an end-user account password can be used before it expires

Tip:

This feature applies only to accounts created using the Application Express user creation and management facilities. It provides additional authentication security for applications. See "Managing Application Express Users".

To enable login controls for a workspace:

Navigate to the Workspace home page.
Click Manage Services on the Administration list.

The Manage Services page appears.
Under Workspace Preferences, click Set Workspace Preferences.
Under Account Login Control:
1. Account Expiration and Locking - Click Enable.
  
  If you select Enable, end-user account passwords will expire after a configurable time period, accounts will be locked after a configurable number of authentication failures, and account passwords can be set to expire after the first use.
  
  If your Oracle Application Express administrator set the Require User Account Expiration and Locking preference to Yes, this preference defaults to Enable and you cannot update it.
2. Maximum Login Failures Allowed - Enter a number for the maximum number of consecutive unsuccessful authentication attempts allowed before an end-user account is locked. If you do not specify a value in this field, the instance-level setting for Maximum Login Failures Allowed is used.
3. User Account Lifetime (days) - Enter a number for the maximum number of days an end-user account password may be used before the account expires. If you do not specify a value in this field, the instance-level setting for Account Password Lifetime is used.
Click Apply Changes.