Blocked User Does not Exist Under User Management

lihua.zhang · April 14, 2023, 12:05am

Overview

This article explains why a brute force blocked user did not exist under Auth0 Dashboard > User Management > Users.

Applies To

Brute Force Blocked User
Management API
Blocked Accounts

Solution

Brute force protection is triggered after failed n attempts, regardless of whether the user exists in Auth0 Dashboard > User Management > Users, to prevent enumeration attacks.

Use the Auth0 Management API’s Get blocks by identifier endpoint to retrieve the blocks for the given identifier (in this case, the user’s email is sufficient).

An example GET request:
GET api/v2/user-blocks?identifier=user@email.com

If the block is found, unblock the user by using the Management API’s Unblock by identifier by sending the identifier(username, phone number, or email).
DELETE api/v2/user-blocks?identifier=user@email.com

Topic		Replies	Views
Query Users Blocked by Brute Force Protection Using the Management API Knowledge Articles management_api , brute-force	1	412	February 8, 2024
List of blocked users via API Help management-api , users	5	378	May 6, 2024
List of locked users Help api	6	2956	March 4, 2022
How to unblock a blocked (Bruteforce) user in auth0 except via the Dashboard Help auth0	3	4790	November 6, 2019
Get a list of users blocked by bruteforce Help anomaly-detection , blocked-account , block	4	5208	September 15, 2023

Blocked User Does not Exist Under User Management

Overview

Applies To

Solution

Related Topics