Dear Ramkumar, On the one hand you are right when you mention that `oxCountInvalidLogin` is used to store invalid attempts (when you have already activated the [custom script](https://gluu.org/docs/ce/authn-guide/intro/#configuring-account-lockout) for account lockout, of course) but on the other, SCIM strictly defines the attribute set you can play around with. In your 3.0.x or 3.1.0 Gluu Server installation visit: `https://<host-name>/identity/seam/resource/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User`, you will note in that JSON file that this is exactly what the spec dictates: see section 4 of [RFC 7643](https://tools.ietf.org/html/rfc7643). You might think that using [extensions](https://www.gluu.org/docs/ce/admin-guide/user-scim/#user-extensions) could be a way to handle it (see `https://<host-name>/identity/seam/resource/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:gluu:2.0:User`), but `oxCountInvalidLogin` is not defined as a custom attribute (neither a core one), it's more an administrative attribute than something typical of a user profile. If you visit, `https://<host-name>/identity/attribute/inventory`, `oxCountInvalidLogin` won't be there.