Advanced Threat Detection features protect FusionAuth Enterprise licensed systems from malicious behavior related to logins, registration, and user creation.
This threat detection feature allows admins to set per user rate limits for the following user actions.
FusionAuth will require a CAPTCHA in certain circumstances such as when a new device is seen for the first time. There are a variety of paid and free CAPTCHAs supported, including Google ReCaptcha and HCaptcha.
FusionAuth Advanced Threat Detection enables administrators to lock down an application or API key to a certain IP address or range of IP addresses by creating an IP access control list.
Request location data is used in a variety of ways to secure user accounts. All features are configurable by developers. Some location aware features include:
Geographic location of where the password reset request was made is displayed in Password reset email, allowing the recipient to determine if the request seems suspicious.
Calculate "impossible travel" to see if a user could realistically log in at different locations around the globe in a reasonable time frame.
When a login request occurs from an unexpected IP address, a user receives an email to notify them of a new login with an approximate location of the IP address.