However, a key limitation of this model is that the default throttle limit is fixed and cannot be modified. As a result, when this limit is exceeded, the activity is flagged as potentially suspicious and notification alerts are automatically sent to Org Admin users.

As we observed multiple challenges with this model across various environments, our team is releasing an enhancement to this to improve its flexibility. This enhancement will allow rate limits to be configured up to three times the default value. However, if a URL exceeds its configured threshold and an Org Admin attempts to increase the rate limit beyond the permitted maximum, the system will return an error indicating that the specified value exceeds the allowable limit for that URL.

Refer to the screenshots below that illustrate this enhancement. For authentication error, the default threshold level per minute is 15 attempts. When the threshold level is exceeded, a notification will be triggered to Org Admins, they can view the impacted URL and increase the throttle limit if required. 

The maximum limit is set to 45 (default 15).

If a user attempts to set a value beyond the permitted maximum limt, the following prompt appears with the message.

This allows you to configure dynamic throttle limit for various URLs based on your requirement. You can try this feature on our beta site and provide your valuable feedback.

Note that this this feature can be accessed under Admin > ESM directory > Security settings > Advanced.