“Enable the Send notifications to users with compromised credentials toggle to send an email to a user when Auth0 detects their credentials may have been compromised.”
When does Auth0 check for compromised credentials? Are they only checked at the times they can be blocked (block compromised credentials for new accounts, block compromised user accounts during login, block compromised credentials used for password reset) or does Auth0 check daily/monthly/some interval outside of when those 3 block scenarios are triggered.
The check and the corresponding notification are tied directly to these three specific events:
During Signup: When a user creates a new account with a password.
During Login: Each time a user attempts to log in with their username and password.
During a Password Change: When a user resets their password or an administrator changes it via the Management API.
Auth0 does not perform periodic background scans of your entire user database against newly discovered breaches. The check is a real-time, transactional event that happens only at the moment a credential is provided to the system.