Here's a simple solution that works when you only have local users and nothing fancy like SSO..
It might be sufficient for you and does not require JAVA..
Add a Before Commit event handler to Account. In the event handler set Active to false if Blocked is true (see image).
Now the user account is deactived completely, the systems does not reactivate the user, that must be done manually by an Admin.
Note that the console/log will start showing that ‘account is not active’ rather then ‘user is blocked’, but the effect is the same.
Hope that helps,
As Jeroen said, it's only applicable when directly logging into the Mendix app (local login), not via SSO.
You can manage to overwrite the default login procedure of the Mendix platform with some custom Java, but be aware that it can be harder to upgrade (for example from Mx 8 to Mx 9).
If you go this path, it requires some Java knowledge; personally I would prefer Jeroen's solution and say to the business: it's 3 times, not 5 ;-)
Here are some screenshots and code snippets that should give a jump-start:
// BEGIN USER CODE LoginActionListener loginActionListener = new LoginActionListener(); loginActionListener.addReplaceEvent(CustomLoginAction.class.getName()); Core.addUserAction(CustomLoginAction.class); Core.addListener(loginActionListener); return true; // END USER CODE
Continue the steps as described by Bart Groot on his website
Adapt the code to do the check for 5 times instead of 3 by handling the exception yourself.
Again: think twice before you implement this, but it is possible!