Set Anomaly Detection Preferences
Enable, disable, and customize Anomaly Detection settings in the Dashboard.
Bot detection preferences
Bot detection mitigates scripted attacks by detecting when a request is likely to be coming from a bot. These are sometimes called credential stuffing attacks. It is enabled by default for all connections. It provides a basic level of protection against certain attacks that adds very little friction to legitimate users. When such an attack is detected, it displays a CAPTCHA step in the login experience to eliminate bot and scripted traffic.
Auth0 strongly recommends that you do not disable Automated Attack Protection, however, if you do, you can enable it in the Dashboard.
Click on the Bot Detection shield.
Choose whether you wish to use the simple CAPTCHA provided by Auth0, or Google reCAPTCHA (requires external setup and registration).
If you choose simple CAPTCHA, you are done and set up.
If you choose Google's reCAPTCHA, enter the Site Key and Secret that you obtain when you register your app with Google.
Brute-force protection preferences
Brute-force protection is enabled by default for all connections. Once enabled, you can customize the brute-force protection settings. You can limit the number of signups and failed logins from a suspicious IP address.
Auth0 strongly recommends that you do not disable brute-force protection for the connection, however, if you do, you can change it back in the Dashboard.
Click on the Brute-force Protection shield.
Use the toggles to enable or disable actions for single or multiple user accounts.
Add any IP addresses to the Whitelist field to avoid erroneously triggering the protection action.
Breached password detection preferences
Set preferences for breached password detection actions.
Click on the Breached-password Detection shield.
Use the toggles to enable or disable actions when login security breaches are detected.
Determine how administrators are notified.