Authentication Using a Tenable Identity Exposure Account

The simplest authentication method is through a Tenable Identity Exposure account that requires a username and a password.

This authentication method offers a default lockout policy, a security control designed to mitigate brute force attacks against authentication mechanisms. It locks out user accounts after too many failed login attempts. When an account is locked, users do not have access to Tenable Identity Exposure APIs.

To configure authentication using a Tenable Identity Exposure account:

  1. In Tenable Identity Exposure, click Systems > Configuration.

    The configuration pane appears.

  2. Under the Authentication section, click Tenable Identity Exposure.

  3. In the Default profile drop-down box, select the profile for the user.

  4. In the Default roles box, select the roles for the user.

  5. Configure the lockout policy settings:

    Setting: Enabled
    Description:
    • Enabled: Tenable Identity Exposure blocks the account after a set number of failed login attempts.
    • Disabled: Tenable Identity Exposure does not lock the account after failed login attempts.
    Default value: Enabled

    Setting: Lockout duration
    Description: The time duration that Tenable Identity Exposure locks the account from any login attempts. Tenable Identity Exposure automatically unlocks the account after this time elapses to allow the user to attempt to log in again.

    To configure the lockout duration:

    1. Click on the slider to set a lockout duration.

    2. Select Infinite if you do not want to unlock the account automatically after a set duration.

    Note: If all the accounts within the 'Global Administrator' group become locked, Tenable Identity Exposure unlocks the default administrative account after 10 seconds.
    Default value: 300 seconds

    Setting: Number of attempts before lockout
    Description: The number of failed login attempts before Tenable Identity Exposure locks the account.
    Default value: 3

    Setting: Redemption period
    Description: The time interval during which Tenable Identity Exposure counts the number of unsuccessful login attempts. After a specified number of unsuccessful login attempts, Tenable Identity Exposure locks the account.

    To set the redemption period:

    1. Click on the slider to set a time interval.

    2. Select "Infinite" if you do not want to set a time interval to count unsuccessful login attempts before Tenable Identity Exposure locks the account.

    Default value: 900 seconds
  6. Click Save.
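
The following added example (not Tenable code and not part of the original page) models how the lockout settings above interact, so you can replay a sequence of failed-login times against a candidate policy before saving it. It assumes a sliding counting window, that attempts made while the account is locked are rejected without being counted, and that "Infinite" is represented as None; the names LockoutPolicy and simulate are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    # Defaults are the default values listed on this page.
    enabled: bool = True
    lockout_duration: Optional[int] = 300   # seconds; None models "Infinite"
    attempts_before_lockout: int = 3
    redemption_period: Optional[int] = 900  # seconds; None models "Infinite"


def simulate(policy, failed_at):
    """Replay failed-login timestamps (in seconds) for a single account.

    Returns (timestamp, outcome) pairs where outcome is:
      'counted'  - failure recorded, account still usable
      'locked'   - this failure reached the threshold and locked the account
      'rejected' - account was already locked when the attempt arrived
    """
    events, window = [], []
    locked, locked_until = False, None
    for t in sorted(failed_at):
        # Automatic unlock once the lockout duration has elapsed.
        if locked and locked_until is not None and t >= locked_until:
            locked = False
        if locked:
            events.append((t, "rejected"))
            continue
        # Assumed sliding window: forget failures older than the redemption period.
        if policy.redemption_period is not None:
            window = [w for w in window if t - w < policy.redemption_period]
        window.append(t)
        if policy.enabled and len(window) >= policy.attempts_before_lockout:
            locked = True
            locked_until = (None if policy.lockout_duration is None
                            else t + policy.lockout_duration)
            window = []
            events.append((t, "locked"))
        else:
            events.append((t, "counted"))
    return events


if __name__ == "__main__":
    # Constructed sample: three quick failures, a retry during lockout, one after it.
    for event in simulate(LockoutPolicy(), [0, 10, 20, 100, 330]):
        print(event)
```

With the default values, the third failure inside 900 seconds locks the account for 300 seconds, while the same three failures spread further apart than the redemption period never accumulate.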