How to prevent multiple logins?

Hi,

I’m wondering if there’s a way to prevent different people from using the same login credentials. I’m running some tests to see if auth0 will be used in my organization and this requirement is mandatory.

I’m considering an official way to do this, like a “flag” on the auth0 platform or some rule that someone else has already made. Thanks

Hi @guidodonato,

Welcome to the Auth0 Community!

I understand that you are looking for a way to prevent multiple logins.

Before we continue, could you please clarify what you meant by “prevent different people from using the same login credentials”?

Generally, login credentials such as a username and password combination are only known to a single user. Is there a reason why multiple users may share the same login credentials?

Yes, this is something you can do to the user profile.

Looking forward to your reply.

Thank you.

1 Like

In an example we use the subscription concept, a person can share their email and password to avoid having to buy another “license”

Do you have any examples or instructions that you can share with me for me to try to apply my application?

Hi @guidodonato,

Thank you for your response and clarification.

Unfortunately, I don’t believe what you are trying to accomplish is possible and allow me to explain why.

First, it would be hard to determine if the user is being logged in by person A or person B. The question becomes, what are the determining factors to identify person A or person B when they both use the same credentials to log in to that user?

Would you be able to know preemptively and decide based on some “flag” as you mentioned? Using rules wouldn’t work because it triggers every post-login authentication, hence both persons will always set the same flag. There isn’t an easy way to sort of oscillate or toggle the flag depending on the person logging in to that user.

The only possible identification I can think of that could be used as a flag to check for the same user but different Actors would be checking the IP address. But even that is not fail-proof, because we would introduce a new problem of what if the users’ login IP address moves, then neither can log in.

Thank you.