Whether or not brute force attack protections are active.
Maximum number of unsuccessful attempts.
Account Lockout: Determines whether or not IP address is used when counting failed attempts.
Possible values: count_per_identifier_and_ip, count_per_identifier.
Action to take when a brute force protection threshold is violated.
Possible values: block, user_notification.
List of trusted IP addresses that will not have attack protection enforced against them.