Overview
This article explains the notification behavior of the brute-force protection system when a user account, possessing both a phone number and an email address as identifiers, is blocked. It clarifies whether an email notification can be sent when users have both types of identifiers, considering that notifications are typically sent via email for email-identified users and via SMS for phone-identified users.
Applies To
- Brute-Force Frotection
- Block Notification
Solution
Currently, sending notifications to both email and SMS simultaneously for a single block event is not supported. Users are notified via the communication channel associated with the identifier that triggered the account block. For example, if the block was triggered due to failed attempts associated with the phone number, the SMS notification is sent.
To suggest this functionality in a future release of Auth0, please submit a feature request using the Product Feedback form. More information about this process can be found at How to Submit Product Feedback or Feature Requests.