netwrix · bohdan-demediuk-nwx · Apr 29, 2026 · Apr 29, 2026 · Apr 29, 2026 · Apr 29, 2026
@@ -6,11 +6,11 @@ sidebar_position: 40
 
 # Access Admin Center
 
-Admin Center is a web-based application that can be accessed over the Internet and Intranet. It
-comes with a default provider,Directory Manager, which primarily facilitates first-time login to the
+Admin Center is a web-based application accessible over the Internet and Intranet. It
+comes with a default provider,Directory Manager, which primarily facilitates first-time log in to the
 application. Typically, the Directory Manager provider has one default user, _Super Admin_, that has
 full access to the Admin Center. On signing in, this user can create identity stores and configure
-settings to get the application ready for use.
+settings to set up the application.
 
 ## Sign In
 
@@ -33,21 +33,21 @@ Use any of the following methods to connect and sign in:
   provider is configured with the selected identity store.
 
     :::note
-    Microsoft Entra ID MFA enabled users cannot log into Directory Manager using their
-    username and password. They will be authenticated through the SAML provider configured for in
+    Microsoft Entra ID MFA enabled users can't log into Directory Manager using their
+    username and password. Directory Manager authenticates them through the SAML provider configured in
     Directory Manager.
     :::
 
 
-Next, you may have to pass second factor authentication, depending on whether it is enabled for your
-role in the identity store. You can perform tasks in the Admin Center in keeping with your role and
+Next, you may have to pass second factor authentication, depending on whether your role in the
+identity store requires it. You can perform tasks in the Admin Center according to your role and
 permissions in the identity store.
 
 **To Sign In**
 
 Use one of the following methods to sign in.
 
-- Type the Admin Center URL in the address bar of a web browser and press Enter. For example:  
+- Enter the Admin Center URL in the address bar of a web browser and press Enter. For example:  
   https://[machine name]:4443//AdminCenter
 - On the Windows Start menu, search for the Directory Manager 11.x icon and double-click it to
   launch Admin Center in a browser window.
@@ -60,8 +60,6 @@ You can sign in using any of the following methods:
 
 ### With your Identity Store Account
 
-Follow the steps to signin with your identify store account.
-
 Step 1 – On the **GroupID Authenticate** page, click an identity store to connect to.
 
 Step 2 – In the **Username** and **Password** boxes, enter the username and password of your
@@ -72,8 +70,7 @@ Step 3 – After providing your credentials, click **Sign In**.
 
 ### With a SAML Provider
 
-You can opt for single sign-on across all Directory Manager clients, provided that a SAML provider
-is configured with Directory Manager. See the following topics for additional information on the
+You can use single sign-on across all Directory Manager clients if you have configured a SAML provider in Directory Manager. See the following topics for additional information on the
 SAML provider configuration:
 
 - [Configure Directory Manager in Microsoft Entra ID for SSO](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md)
@@ -83,7 +80,7 @@ On the **GroupID Authenticate** page, click the button or image for the provider
 in.
 
 :::note
-For Microsoft Entra ID MFA enabled users, a SAML provider must be configured for signing into
+For Microsoft Entra ID MFA enabled users, you must configure a SAML provider for signing into
 Directory Manager.
 :::
 
@@ -93,18 +90,33 @@ Directory Manager.
 The administrator can enable second factor authentication for a security role in an identity store.
 
 If enabled for your role in the identity store, you must pass second factor authentication after
-signing in via any of the above methods.
+signing in via any of these methods.
 
 For second factor authentication, one of the following applies:
 
-- If you have not enrolled your identity store account in Directory Manager, the Enroll Account page
-  is displayed. You must enroll using at least one authentication type. See the
+- If you have not enrolled your identity store account in Directory Manager, Directory Manager displays the Enroll Account page.
+  You must enroll using at least one authentication type. See the
   [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/enroll.md) topic.
-- If you have already enrolled your identity store account in Directory Manager, the Authenticate
-  page is displayed. It lists the authentication type(s) your account is enrolled with. Select an
+- If you have already enrolled your identity store account in Directory Manager, Directory Manager displays the Authenticate
+  page. It lists the authentication types you enrolled with. Select an
   authentication type to authenticate. See the
   [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/general/authenticate.md) topic.
 
+## Sign-in Throttling
+
+To protect against brute-force attacks, Directory Manager enforces sign-in throttling based on the originating IP address. This applies when signing in using the Directory Manager provider.
+
+- After 3 consecutive failed sign-in attempts, Directory Manager blocks your IP address for 5 minutes.
+- When the lockout expires, you get one additional attempt:
+    - If the attempt fails, Directory Manager locks out your IP address for another 5 minutes.
+    - If the attempt succeeds, the attempt counter resets and you regain the full 3-attempt allowance.
+- A successful sign-in at any point resets the attempt counter.
+
+:::note
+Directory Manager automatically unblocks locked IP addresses after the 5-minute timeout. To unblock an IP address immediately, an administrator can delete its record from the `ProviderLoginThrottle` table in the Directory Manager database.
+:::
+
+
 ## Sign Out
 
 In the Admin Center, click your name in the top right corner and select **Sign Out**.