Auth0 Home Blog Docs

Rule based email blacklist vs regular active users pricing



I have an use case where i only want to use one specific social provider (google), and limit users to a few domains. I can see that this can be done with Auth0 Rule, and it works fine. I tried using pre registration hooks but i learned that it unfortunately only works for user-password-db (is there a plan to make it working on social as well?).

My concern is about regular active users count in this scenario. On the pricing page it is explained that “regular active users” are counted per month per application.

If someone tries to flood my application with unwanted logins and add 7000 users (free plan) that are not authorized in this scenario, would i be able to delete them and still add users, or will i have to wait a month after deleting them/pay for additional users?


The possibility of supporting pre-registration hooks for other types of connection, like social authentication providers, as been discussed and to my knowledge it was considered for future implementation. However, at this time I can neither confirm if that will indeed be the outcome or any definitive timeline for it.

In relation to the scenario you mentioned, to my knowledge, there would be no automatic or immediate blocking of users and the account would just be flagged as exceeding the subscription quota. However, if you want to be sure of all the details related to any impact on the subscription you may want to consider contacting sales directly.