We did a pen test with a customer and found that auth0 correctly detected suspicious activity and blocked the originating IP address. Our customer would like the account used to be locked as well. Is that possible with auth0?
User’s can be blocked in the Dashboard via the User Detai page, Actions button.
You can use the API to do this via:
PATCH https://<TENANT>.auth0.com/api/v2/users/<USER_ID>
{ "blocked" :true }