Blocking Users in Bulk

Overview

This article describes whether it is possible to prevent a large number of users from authenticating.

Applies To

  • Authentication
  • Post-Login Action
  • Blocked

Solution

While there is no out-of-the-box way to block a set of users in bulk, it is possible to use a post-login action that can deny authentication based on specific criteria from the user profile.

For example, the following action blocks all users who have blocked set to true in their app_metadata:

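exports.onExecutePostLogin = async (event, api) => {
  // Deny the login when app_metadata.blocked is set to a truthy value.
  // Optional chaining guards against a profile with no app_metadata.
  if (event.user.app_metadata?.blocked) {
    api.access.deny("Blocked");
  }
};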
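
The check above is a truthiness test, so a flag stored as the string "false" (for example by a bulk update that writes strings) would still deny the login. The following added example, which is not part of the original article or Auth0's own code, shows a strict variant of the same action and runs it offline over constructed profiles; isBlocked, makeMockApi, simulateLogin and the sample users are hypothetical names introduced here.

```javascript
// Added example, not Auth0's or the article's code.
// Assumption: only boolean true or the string "true" means "blocked".
function isBlocked(user) {
  const flag = user && user.app_metadata ? user.app_metadata.blocked : undefined;
  if (typeof flag === "boolean") return flag;
  if (typeof flag === "string") return flag.trim().toLowerCase() === "true";
  return false; // missing flag, missing app_metadata, or any other type
}

// Same handler shape as the article's action, using the strict check.
const onExecutePostLogin = async (event, api) => {
  if (isBlocked(event.user)) {
    api.access.deny("Blocked");
  }
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Hypothetical local stand-in for the `api` argument: records deny() reasons.
function makeMockApi() {
  const denied = [];
  return { denied, access: { deny: (reason) => denied.push(reason) } };
}

// Runs the handler for one profile and reports the outcome as a string.
async function simulateLogin(user) {
  const api = makeMockApi();
  await onExecutePostLogin({ user }, api);
  return api.denied.length ? `denied: ${api.denied[0]}` : "allowed";
}

// Constructed sample profiles covering the shapes a bulk update can leave behind.
const sampleUsers = [
  { user_id: "auth0|constructed-1", app_metadata: { blocked: true } },
  { user_id: "auth0|constructed-2", app_metadata: { blocked: "false" } },
  { user_id: "auth0|constructed-3", app_metadata: {} },
  { user_id: "auth0|constructed-4" },
  { user_id: "auth0|constructed-5", app_metadata: { blocked: "TRUE" } },
];

async function runSamples() {
  const results = {};
  for (const user of sampleUsers) results[user.user_id] = await simulateLogin(user);
  return results;
}

runSamples().then((results) => console.log(results));
```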