Set Attack Protection Preferences

Enable, disable, and customize Attack Protection settings in the Dashboard.

Auth0 recommends that you do not make changes to your attack protection features using the Management API.

Bot detection mitigates scripted attacks by detecting when a request is likely to be coming from a bot. These are sometimes called credential stuffing attacks. It is enabled by default for all connections. It provides a basic level of protection against certain attacks that adds very little friction to legitimate users. When such an attack is detected, it displays a CAPTCHA step in the login experience to eliminate bot and scripted traffic.

Go to Dashboard > Security > Attack Protection.
Select Bot Detection.
Choose whether you wish to use simple CAPTCHA provided by Auth0, or Google reCAPTCHA (requires external setup and registration).
If you choose simple CAPTCHA, you are done.
If you choose Google's reCAPTCHA, enter the Site Key and Site Secret that you obtained when you register your app with Google.

Auth0 does not support Google reCAPTCHA Enterprise.
Click Save.

Go to Dashboard > Security > Attack Protection.
Select Bot Detection.
Locate the switch at the top of the page and toggle it.

Enabling this feature without enabling its settings activates Monitoring mode, which records related events in your tenant logs but executes no further action.

If you cannot see the toggle to enable this feature, you may need to upgrade your plan.

Suspicious IP throttling is enabled by default for all connections. When enabled, you can customize the suspicious IP throttling policies, including changing the threat threshold that triggers throttling, creating a list of trusted IP addresses from which your users can always access your resources, and enabling or disabling email notifications to administrators.

Go to Dashboard > Security > Attack Protection.
Select Suspicious IP Throttling.
Locate the Response section, and select Block Suspicious Logins and IP AllowList.
Limit high-velocity traffic by toggling the corresponding switch.
View the current Threat Threshold and contact our support team to adjust it.
Avoid erroneously triggering throttling by adding IP addresses to the IP AllowList.
Click Save.

Go to Dashboard > Security > Attack Protection.
Select Suspicious IP Throttling.
Locate the Notifications section, and toggle the switch.

Auth0 strongly recommends that you do not disable suspicious IP throttling for the connection; however, you can both disable and enable it using the Dashboard.

Go to Dashboard > Security > Attack Protection.
Select Suspicious IP Throttling.
Locate the switch at the top of the page and toggle it.

Enabling this feature without enabling its settings activates Monitoring mode, which records related events in your tenant logs but executes no further action.

Brute-force protection is enabled by default for all connections. When enabled, you can customize the brute-force protection response, including changing the threat threshold that triggers blocking, creating a list of trusted IP addresses from which your users can always access your resources, and enabling or disabling email notifications to affected users.

Go to Dashboard > Security > Attack Protection.
Select Brute-force Protection.
Locate the Response section, and select Block users and define your threshold for acceptable risk.
Block brute force logins by toggling the corresponding switch.
View the current Threat Threshold and contact our support team to adjust it.
Avoid erroneously triggering blocking by adding IP addresses to the IP AllowList.
Click Save.

Go to Dashboard > Security > Attack Protection.
Select Brute-force Protection.
Locate the Notifications section, and toggle the switch.

Auth0 strongly recommends that you do not disable brute-force protection for the connection; however, you can both disable and enable it using the Dashboard.

Go to Dashboard > Security > Attack Protection.
Select Brute-force Protection.
Locate the switch at the top of the page and toggle it.

Enabling this feature without enabling its settings activates Monitoring mode, which records related events in your tenant logs but executes no further action.

When enabled, you can customize breached password detection preferences, including enabling blocking compromised user accounts, and enabling or disabling email notifications to administrators and affected users.

Go to Dashboard > Security > Attack Protection.
Select Breached Password Detection.
Locate the Response section, and block compromised user accounts by toggling the corresponding switch.

Go to Dashboard > Security > Attack Protection.
Select Breached Password Detection.
Locate the Notifications section, and toggle the switch.

Go to Dashboard > Security > Attack Protection.
Select Breached Password Detection.
Locate the Notifications section, and select Send notifications to account administrators.
Choose Notification frequency, and select Save.

Go to Dashboard > Security > Attack Protection.
Select Breached Password Detection.
Locate the switch at the top of the page and toggle it.

Enabling this feature without enabling its settings activates Monitoring mode, which records related events in your tenant logs but executes no further action.

If you cannot see the toggle to enable this feature, you may need to upgrade your plan.

Docs