Getting user Unblocked in Auth0

I know that in Auth0, a user can be unblocked using the API management calls and using the dashboard. But could a user unblock himself by resetting the password, is it a default feature of Auth0 or do we need to do some settings to enable that feature?

Could someone provide some information on it?

Thanks in advance

It’s important to have in mind that there’s more than one concept around a user being blocked. In particular, a user can be blocked administratively in which case they can also only be unblocked by the opposite administrative action which would be a tenant admin unblocking the user through the dashboard or through a client application which has permissions to call the Management API and that application performing a user update that unblocks the user.

In addition to that, a user can also be blocked from completing a login because of attack protection related features. In particular, the brute force protection (Brute-Force Protection) can block a user from completing a login if the user in question submits incorrect credentials above a configured threshold.

In the case of a brute force protection block the end-user can indeed unblock himself either by completing a password reset or by accessing the unblock URL that can be sent to the user’s email inbox when the blocking occurs.

Thank you so much for the detailed explanation. It really helps. Let me just try out and would come in case of any further questions.

Hello @jmangelo or if anyone else picks up this ticket…

The issue we have is that when users get blocked because of brute force protection, we don’t want them to receive the email to unblock themselves. We just want to tell them that they can unblock themselves by resetting their password.
The problem is that our application uses a Database Connection for authentication. When the users reset their password in this scenario, Auth0 doesn’t unblock them. Is there something else we have to do to get this working?

Thanks

Sergio…

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.