Hi @raph90,
Thanks for reaching out to the Auth0 Community!
The best way to deal with unverified users is to set up a Post-Login Action that checks if the user has verified their email.
If so, they can continue onto the application as usual. Otherwise, this will prevent them from consuming your Monthly Active Users (MAU) count.
Below is the Post-Login Action script needed to accomplish this:
exports.onExecutePostLogin = async (event, api) => {
if (!event.user.email_verified) {
api.access.deny(`Please verify your email address to continue onto ${event.client.name}.`);
}
};
Please let me know if there’s anything else I can do to help.
Thanks,
Rueben