What conditions mark user "BLOCKED(BRUTEFORCE)"

Problem Statement

On the user details page of the dashboard, “BLOCKED(BRUTEFORCE)” is displayed. What are the conditions to mark user “BLOCKED(BRUTEFORCE)”?


The “BLOCKED(BRUTEFORCE)” means the user is blocked by Brute Force Protection.

When the Brute Force Protection feature blocks an “identifier”, it doesn’t matter if the user account bound to the identifier exists or not. Since the Brute Force Protection is triggered by consecutive failed login attempts, when the login fails, there is no way to tell if the user exists or not.

On the user details page of the tenant dashboard, it checks the following identifiers to determine if the user is “BLOCKED(BRUTEFORCE)”.

  • email of the user account
  • username of the user account
  • phone_number of the user account
  • local part of the email of the user account

For example, if the user’s email address is “user@example.com”, the local part of the email is “user”

  • The substring after the last pipline | character of the user_id

For example, if the user_id is ad|ad_connection|user, the identifier used to check for blocks is “user”

The last two conditions are mainly used by the AD/LDAP connection users.