What Does BLOCKED(BRUTEFORCE) Mean for a User

Overview

This article explains what BLOCKED(BRUTEFORCE) means on the user details page of the dashboard and the conditions under which it is displayed.

Applies To

  • User Details
  • Blocked Bruteforce

Solution

BLOCKED(BRUTEFORCE) means the user is blocked by Brute Force Protection. However, this can be confusing when the “identifier” that is actually blocked is not obvious.

  1. When the Brute Force Protection feature blocks an identifier, it doesn’t matter whether the user account bound to the identifier exists. Because Brute Force Protection is triggered by consecutive failed login attempts, there is no way to tell from a failed login whether the user exists.

  2. The user details page of the tenant dashboard checks the following identifiers to determine whether the user is displayed as BLOCKED(BRUTEFORCE):

  • email of the user account
  • username of the user account
  • phone_number of the user account
  • local part of the email of the user account
  • the substring after the last pipe (|) character of the user_id

For instance,

  • If the user’s email address is user@example.com, the local part of the email is user.
  • If the user_id is ad|ad_connection|user, the identifier used to check for blocks is user.
The last 2 conditions are mainly used by the AD/LDAP connection users.
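
The identifier checks listed above, written out as an added example (not the dashboard's own code) to help trace which identifier causes a user to show as blocked. The profile field names come from this article; the function names, the sample profiles, the exact-match comparison, and skipping the derived identifiers when there is no @ or | are assumptions.

```python
def candidate_identifiers(profile):
    """Return (identifier, source) pairs for the identifiers the article lists."""
    pairs = []
    # Direct attributes of the user account.
    for field in ("email", "username", "phone_number"):
        if profile.get(field):
            pairs.append((profile[field], field))
    # Local part of the email: everything before the last '@'.
    local, at, _domain = (profile.get("email") or "").rpartition("@")
    if at and local:
        pairs.append((local, "email local part"))
    # Substring after the last '|' of the user_id (mainly AD/LDAP users).
    _head, pipe, tail = (profile.get("user_id") or "").rpartition("|")
    if pipe and tail:
        pairs.append((tail, "user_id tail"))
    return pairs


def explain_block(profile, blocked_identifiers):
    """Return the (identifier, source) pairs that match a blocked identifier.

    Assumption: identifiers are compared as exact strings.
    """
    blocked = set(blocked_identifiers)
    return [pair for pair in candidate_identifiers(profile) if pair[0] in blocked]


if __name__ == "__main__":
    # Constructed sample data, using the values from the article's examples.
    ad_user = {"user_id": "ad|ad_connection|user", "email": "user@example.com"}
    # Constructed profile whose identifiers do not overlap with the block.
    db_user = {"user_id": "auth0|abc123", "email": "other@example.com",
               "username": "other"}
    blocked = {"user"}  # constructed: one identifier blocked after failed logins

    for profile in (ad_user, db_user):
        matches = explain_block(profile, blocked)
        status = "BLOCKED(BRUTEFORCE)" if matches else "not blocked"
        print(profile["user_id"], "->", status, matches)
```

An empty result means none of the five identifiers matches a blocked one, while a match on a derived identifier shows that the block may have been recorded against a login attempt that never used the full email address.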