Overview
This article explains a specific use case in which users do not receive the notifications even though the “Send notifications to affected users” option is turned on in Brute-force Protection settings for the blocked users.
The blocked user is from a database connection, and the email, username, and phone number are enabled as identifiers.
The user is blocked while logging in with an email receiving the account blocked notification; however, the users logging in with their usernames and blocked due to incorrect passwords do not receive the notification.
Applies To
- Notifications
- Blocked Accounts
Cause
The usernames were numeric, causing Auth0 to attempt sending the notification through SMS instead of E-mail.
Solution
The issue can be resolved in three alternative ways:
- The usernames should be updated to alphanumeric values
- Phone Number attribute should be deleted from the connection
- Phone Number attribute should be disabled as an Identifier.
At this time, it is unsupported to keep the Phone Identifier and Usernames as purely numeric values and cannot be bypassed. Please reach out to submit product feedback at the link below if this is blocking a current use case: