Can I enforce authentication attempts without using CAPTCHA?

Adam Humenansky
Contributor
March 21, 2018

BLUF:
* CAPTCHA authentication always fails on a stand-alone JIRA instance
* We want a notification sent to SysAdmin when a user locks themselves out


Background:
I am running an offline instance of JIRA on a secure intranet. 

As part of security protocol, we need to lock users out after 3 failed password attempts. We have "maximum authentication attempts" set to 3, and this works just fine. 

Unfortunately, it presents a CAPTCHA to the user, who thinks that solving the CAPTCHA will grant them access. The CAPTCHA verification always fails, even if the user inputs the code correctly. This persists until a SysAdmin goes into the User Management pane and resets their failed login count. I assume this is because we are a standalone instance? I would prefer the CAPTCHA simply not appear (and ideally display a warning message instead).

Regardless, we have the functionality now that we need, but I'm looking for a solution that can notify a system administrator when a user fails to log in after 3 attempts.

1 answer

0 votes
Andy Heinzer
Atlassian Team
March 23, 2018

When a user exceeds the threshold of failed login attempts, the CAPTCHA is presented on the screen; however, this is not the sole means to then log in. Instead, this is just intended to be an additional check to make sure the attempt is coming from a real person (and not a bot, script, or malicious user).

When you see the CAPTCHA on the login screen, you not only have to successfully complete the CAPTCHA, but then you also still need to provide the correct login credentials (both username and password in their respective fields) on that same screen.

There is a known scenario where you might see the CAPTCHA stuck on the screen, but in this case it can be due to a corrupted browser cookie, see The JIRA application login is stuck on captcha validation for details.

As for Jira notifying an administrator when a user exceeds this threshold, this is not possible with Jira natively right now. There is a pair of feature requests for this kind of functionality in:

https://jira.atlassian.com/browse/JRASERVER-28945

https://jira.atlassian.com/browse/JRASERVER-66580


Technically speaking, when a user sees the CAPTCHA on the login screen, their account is not actually locked out (at least not by Jira). A locked out account cannot log in at all. But when you see this CAPTCHA it tends to be because the credentials are actually invalid at that time. Are you using an LDAP directory with Jira for authentication?

Are you also running another Atlassian product like Confluence on the same server address?  If so, there is another scenario where User is constantly logged out of JIRA.  That KB might be helpful if you have two such applications on the same address.

If that isn't the case here, and you know the user is definitely using the correct CAPTCHA and correct credentials but still can't log in, I would strongly recommend the further troubleshooting steps in Unable to login to JIRA applications. It explains that there is some additional logging you can turn on in Jira in order to see more details on why some users fail to log in.
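Since Jira has no built-in notification for this (per the feature requests above), one workable stop-gap is to watch the login logging the KB article mentions from outside Jira. The script below is an added example, not code from the question, the answer, or Atlassian: it counts consecutive failed logins per user over a log excerpt and produces an alert record (and an e-mail message ready for `smtplib`) the moment a user reaches the threshold of 3 from the question. The log line format, the `LOGIN_FAILED`/`LOGIN_OK` event names, and the rule that a successful login resets the counter are assumptions made for illustration; they are not Jira's actual log format, so adapt `LINE_RE` to what your instance writes.

```python
"""Added example (not Atlassian's code): alert a SysAdmin when a user
reaches N consecutive failed Jira logins, by tailing a log excerpt.

ASSUMPTION: the log line format below is invented for illustration and
is NOT Jira's real log format. Adapt LINE_RE to your instance's output
once the extra login logging from the KB article is enabled.
"""
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample log lines (assumed format, not Jira's own output).
SAMPLE_LOG = """\
2018-03-21 09:12:01 LOGIN_FAILED user=jsmith ip=10.0.0.5
2018-03-21 09:12:20 LOGIN_FAILED user=jsmith ip=10.0.0.5
2018-03-21 09:13:02 LOGIN_OK user=adoe ip=10.0.0.9
2018-03-21 09:13:40 LOGIN_FAILED user=jsmith ip=10.0.0.5
2018-03-21 09:14:05 LOGIN_FAILED user=jsmith ip=10.0.0.5
2018-03-21 09:15:00 LOGIN_FAILED user=adoe ip=10.0.0.9
2018-03-21 09:15:30 LOGIN_OK user=adoe ip=10.0.0.9
2018-03-21 09:16:00 LOGIN_FAILED user=adoe ip=10.0.0.9
"""

# Assumed line shape: "<date> <time> <EVENT> user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>LOGIN_FAILED|LOGIN_OK) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if it is not a login event."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_lockouts(log_text, threshold=3):
    """Scan a log excerpt and return (failure_counts, alerts).

    failure_counts: consecutive failures per user at the end of the excerpt.
    alerts: one record per user at the exact line where their consecutive
    failures reach `threshold` (the point at which Jira starts demanding
    the CAPTCHA). A LOGIN_OK resets that user's counter (assumption).
    """
    counts = defaultdict(int)
    first_fail = {}
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unrelated or malformed line: skip, never crash the watcher
        user = rec["user"]
        if rec["event"] == "LOGIN_OK":
            counts[user] = 0
            first_fail.pop(user, None)
            continue
        counts[user] += 1
        first_fail.setdefault(user, rec["ts"])
        if counts[user] == threshold:  # fire once, not on every later failure
            alerts.append({
                "user": user,
                "ip": rec["ip"],
                "first_failure": first_fail[user],
                "last_failure": rec["ts"],
                "failures": counts[user],
            })
    return dict(counts), alerts


def build_alert_email(alert, sender, recipient):
    """Build the SysAdmin notification; pass the result to smtplib to send."""
    msg = EmailMessage()
    msg["Subject"] = f"Jira login threshold reached for {alert['user']}"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content(
        f"User {alert['user']} failed {alert['failures']} consecutive logins "
        f"from {alert['ip']} between {alert['first_failure']} and "
        f"{alert['last_failure']}. Jira will now require a CAPTCHA for this "
        f"user; reset the failed-login count in User Management if needed."
    )
    return msg


if __name__ == "__main__":
    counts, alerts = detect_lockouts(SAMPLE_LOG)
    for a in alerts:
        # Addresses below are placeholders for a real SysAdmin mailbox.
        print(build_alert_email(a, "jira@example.invalid", "sysadmin@example.invalid"))
```

On the sample excerpt only `jsmith` trips the alert (third consecutive failure at 09:13:40); `adoe` never does because the successful login in between resets the count. Running this from cron or a log-shipping agent against the real log file gives the SysAdmin the heads-up that Jira itself cannot send, and because it reads logs rather than touching Jira's authentication, it cannot make the CAPTCHA situation worse.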
