I've just started my research and thought I'd ask here first:
I have an Admin user that is used to Authenticate/Authorize API calls. This
user exists in several environments, each with a different password. During
some testing, I discovered the Admin user had been locked out because the
tester was using an invalid password; because the API calls are automated
it wasn't readily apparent what had happened.
Is there a way for me to exclude the Admin user from the Brute Force
Protection, from either ignoring their failed_login_count or not having
their failed_login_count increased; Or even by some other means?
Thanks, in advance, for any assistance I may receive.