Dynamic IP Blocking settings
Applies to Identity Platform version 20.06 or later
Dynamic IP Blocking is a feature that protects your resources by blocking IP addresses from password spraying and other online password attacks. Password spraying is an attack that attempts to log in, using different usernames with a few commonly used passwords.
SecureAuth blocks the source IP address after failed login attempts using different usernames for a specified amount of time. Instead of locking user accounts, it blocks login attempts coming from that source IP address.
There are two parts to setting up Dynamic IP Blocking:
Use IP Filtering rule to set the length of time to block the IP address after a set number of failed attempts, and add allowed IP addresses. This setting applies to all policies.
Add the Dynamic IP Blocking rule in each policy.
In the left navigation of the Identity Platform, click IP Filtering.
The settings you define here apply to all policies.
Set the length of time to block associated IP addresses after a specified number of failed login attempts. (The numbers in the line after the Block button are clickable links.) Options are:
Length of time – 12, 24, 36, 48, or 72 hours
Number of failed login attempts – 5, 10, 15, 20, and 25
To allow certain IP addresses, click the Set IP addresses link and enter IP addresses, separated by a comma.
IP addresses can only be in IPv4 format.
Save your changes.
Next steps
Open a policy and go to the Blocking Rules tab and add Dynamic IP Blocking as a new rule.