This article explains why a user is locked out from logging into an application. When a user is locked out, the following error is displayed on the login screen:

Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.

The error logs from the failed login show:

{  
  “errorMessage”: “Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.“, 
  “success”: false
}

The user does not receive the unblocking email with instructions. 

• Blocked Account
• Blocked Access to Application
• Brute-force Protection

This issue is caused by exceeding the number of Maximum Attempts configured on the Brute-force Protection settings.

To unblock users who have been blocked by brute-force protection, follow one of the options below:

https://auth0.com/docs/secure/attack-protection/brute-force-protection#block-removal-events

• The affected user selects the unblock link in the email notification (if configured).

  • Customize the template: Customize Blocked Account Emails

• The affected user changes their password (on all linked accounts).

• An administrator removes the block.

  • Management API

    • Delete User Blocks endpoint
    • Unblock a user

  • Auth0 Dashboard

• An administrator raises the Maximum Attempts login threshold.

Related References

• Delete User Blocks endpoint
• Unblock a user
• Customize Blocked Account Emails