Feature Request Summary:
In the 2023-04-21 release notes Zendesk made changes to behaviour of incorrect password attempts to a external dashboard. After 5 failed entries, it locks the dashboard for 5 minutes.
While an improvement, this still lacks oversight from an administrative capacity. I would suggest that when this occurs, admins should be notified which dashboard was affected, which IP Address & UserAgent string attempted the login(s) and ideally the event logged in the Audit Log. Bonus points for being able to suspend that IP address from accessing the dashboard(I know, IP-banning isn't perfect), as one malicious actor can now effectively initiate a DoS attack on a dashboard and prevent anyone from using it.
Security minded organizations need to be able to track failed login attempts to their resources, especially if the resource can provide internal business metrics.
Business impact of limitation or missing feature:
Sadly still can't use the feature without being able to track inappropriate access attempts
Please sign in to leave a comment.