I have enabled anomaly detection but it doesn't work for my AD connection

Saltuk · June 1, 2020, 7:52pm

I have enabled brute force protection both for single user and for multi user but protection doesn’t work for some of my AD connections and regular Auth0 DB connections. On the Auth0 logs, I’m getting the following error message:

"type": "limit_wc",
"description": "User (redacted) attempted 10 consecutive logins unsuccessfully. Brute force protection is disabled for this connection, user is not locked",
...redacted

What might be the issue?

Saltuk · June 1, 2020, 8:01pm

You will need to check if brute_force_protection option is set to true for those connections. If this attribute is missing or set to false it has to be set to true. Here are the instructions.

1- Get all the available connections for your tenant with get all connections management API.

2- Find the connection id and the options object for a connection you need to add brute_force_protection attribute . Here is an example from my tenant:

Connection id : con_KCVvhZ4XyXDM4OPf

  {
    "options": {
      "mfa": {
        "active": true,
        "return_enroll_settings": true
      },
      "import_mode": false,
      "configuration": {},
      "disable_signup": false,
      "passwordPolicy": null,
      "password_history": {
        "size": 5,
        "enable": false
      },
      "strategy_version": 2,
      "requires_username": false,
      "password_dictionary": {
        "enable": false,
        "dictionary": []
      },
      "password_no_personal_info": {
        "enable": false
      },
      "password_complexity_options": {
        "min_length": 1
      },
      "enabledDatabaseCustomization": false
    }
  }

3- Use the existing options object above and add “brute_force_protection”: true as an additional attribute. Please note that you need to keep the existing fields in the options object otherwise they will be lost while patching the connection.

4- Call the update a connection management API using the connection id and the modified options object.

Here is the sample for the connection in step-2 with brute_force_protection option added.

{
    "options": {
      "mfa": {
        "active": true,
        "return_enroll_settings": true
      },
      "import_mode": false,
      "configuration": {},
      "disable_signup": false,
      "passwordPolicy": null,
      "password_history": {
        "size": 5,
        "enable": false
      },
      "strategy_version": 2,
      "requires_username": false,
      "password_dictionary": {
        "enable": false,
        "dictionary": []
      },
      "password_no_personal_info": {
        "enable": false
      },
      "password_complexity_options": {
        "min_length": 1
      },
      "enabledDatabaseCustomization": false,
      "brute_force_protection": true
    }
  }

You will need to repeat these steps for all your connections listed below:

1- Auth0 DB
2- Auth0 DB with custom DB scripts
3- Active directory connections
4- Passwordless connections

For the connections which already have brute_force_protection set true , you may skip updating them obviously. For other connection types, like social and other enterprise connections you don’t need to make changes.

konrad.sopala · June 2, 2020, 9:00am

Thanks for sharing that Saltuk!