Hi CDC Experts,
Is it possible to create RBA (Risk Based Policy) to lock an account for a duration based on number of attempts that were made to answer security question to retrieve/reset the password.
If such a rule can be created based on this factor, can a custom action be defined on this policy to trigger a process like triggering an email or setting a custom value to user account data object to maybe save the timestamp when the user account was locked because i could not find this attribute in getAccountInfo method.
I'm sorry, but you don't have such an option to choose your criteria based on answering security question to retrieve/reset the password.
Even if you could, CDC doesn't allow you to trigger email or do some custom steps after, so, you have to follow generic actions.