I know the default behavior is that after three failed logon attempts the system toggles the 'Blocked' flag for five minutes before releasing it. I would like to also deactivate the account so it will require a user administrator to reactivate their account and change their password. Has anyone written a process to do something similar or have ideas how to accomplish it? I'm pretty sure it will require custom Java as I can't think of a way to pull it of in the modeler.
This simple use case can be solved with standard Mendix functionality, so you don't need to override the login actions. I have explained the general principle here (use a before commit microflow on account), you can easily adapt this to set the Active boolean to false once the FailedLogins attribute >= 3.
Rom van Arendonk
Did a bit of searching - there is a good article here by Bart Groot about how you can accomplish. Not sure if the code in the post is compatible with 5.13.1, but its at least a starting point.