I know that in Auth0, a user can be unblocked using the API management calls and using the dashboard. But could a user unblock himself by resetting the password, is it a default feature of Auth0 or do we need to do some settings to enable that feature?
Could someone provide some information on it?
Thanks in advance
It’s important to have in mind that there’s more than one concept around a user being blocked. In particular, a user can be blocked administratively in which case they can also only be unblocked by the opposite administrative action which would be a tenant admin unblocking the user through the dashboard or through a client application which has permissions to call the Management API and that application performing a user update that unblocks the user.
In addition to that, a user can also be blocked from completing a login because of attack protection related features. In particular, the brute force protection (Brute-Force Protection) can block a user from completing a login if the user in question submits incorrect credentials above a configured threshold.
In the case of a brute force protection block the end-user can indeed unblock himself either by completing a password reset or by accessing the unblock URL that can be sent to the user’s email inbox when the blocking occurs.
Thank you so much for the detailed explanation. It really helps. Let me just try out and would come in case of any further questions.