You must ensure that
Failed Attempts
and
Lockout
Time (min)
are greater than 0 in authentication settings.
If an administrator reaches the
Failed Attempts
threshold,
the administrator is locked out for the duration defined in the
Lockout
Time (min)
field.