Overview

This article explains why a user is locked out from logging into an application. When a user is locked out, the following error is displayed on the login screen:

• Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.

The error logs from the failed login show:

{  
  “errorMessage”: “Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.“, 
  “success”: false
}

The user never received the unblocking email with instructions.

Applies To

• Blocked Account
• Blocked Access to Application

Cause

This issue may be caused by the number of Maximum Attempts configured on the Brute-force Protection settings being exceeded.

Solution

To unblock the users who have been blocked from brute-force protection, follow the video or one of the options below.

• The affected user selects the unblock link in the email notification (if configured).
  • Customize the template: Customize Blocked Account Emails
• The affected user changes their password (on all linked accounts).
• An administrator removes the block.
  • Management API
    • Delete User Blocks endpoint
    • Delete User Blocks by IDendpoint
  • Auth0 Dashboard
• An administrator raises the Maximum Attempts login threshold.

Related References

• Delete User Blocks endpoint
• Delete User Blocks by IDendpoint
• Customize Blocked Account Emails