Problem
In Terraform Enterprise (TFE), a user account becomes locked after three consecutive unsuccessful login attempts. The user is unable to log in, even after a successful password reset, until the account is unlocked.
Cause
As a security measure, Terraform Enterprise automatically locks a user account for 30 minutes after three failed login attempts. While this lock expires automatically, an administrator can manually unlock the account to restore access immediately.
Solutions
An administrator can unlock a user account by accessing the Terraform Enterprise Rails console and running a series of commands.
Solution 1: Manually Unlock the User Account
Prerequisites
- Administrative shell access to the Terraform Enterprise server.
Procedure
Log in to the server running Terraform Enterprise and access the Rails console.
$ docker exec -it terraform-enterprise tfectl support console
Run the following commands within the Rails console to find the user, unlock their account, and save the changes. Replace
<username>with the target user's username.## Find the user by their username user = User.find_by(username: "<username>") ## Optional: Verify the account is locked by checking the timestamp user.locked_at ## Unlock the user account user.unlock_access! ## Save the changes to the database user.save!
Exit the Rails console.
exit
Outcome
The user's account is now unlocked, and they should be able to log in with their correct credentials.
Additional Information
- This procedure should only be performed by authorized administrators.
- If the user continues to experience login issues, advise them to clear their browser cache and cookies or try accessing the user interface in a private or incognito browsing session.