Use the Limit Monitoring dashboard to view the rate and concurrency limits that the Workspace ONE Access cloud service imposes on login, launch, and WS-Fed API requests per tenant, and to monitor your usage of these APIs. You can see if the limits are being exceeded and, if so, how often and by how much. When limits are exceeded, users are unable to log in or launch applications during that minute and need to try again the next minute.

Limits improve service availability by helping to prevent your tenant from being overloaded by unforeseen spikes in usage, protect the cloud service from being overloaded by excessive requests to a single tenant, and protect the cloud service from malicious attacks.

About Rate and Concurrency Limits

The Workspace ONE Access Cloud service sets limits on your tenant on login, application launch, and WS-Fed Active Logon API requests. WS-Fed Active Logon requests are typically used to launch Office 365 applications from non-browser clients.

The following limits are set for each API:

  • Rate limit: The maximum number of requests allowed per minute
  • Concurrency limit: The maximum number of concurrent requests allowed

When the limit is reached, subsequent requests are denied during that minute. For example, if the rate limit for login requests is 750 per minute, the first 750 login requests in a minute are accepted but requests 751-n are denied. Similarly, if the concurrency limit for login requests is 500, 500 concurrent requests are accepted but additional requests are denied.

When users cannot log in or launch an application because of the rate limits, they see the following error:

Received too many requests. Please try after some time.

When users cannot log in or launch an application because of the concurrency limits, they see the following error:

Received too many concurrent requests. Please try after some time.

If they get an error, users should attempt to log in or launch the application again in the next minute.

Viewing Limits and Monitoring Your Usage

Use the Limit Monitoring dashboard to view the rate and concurrency limits and track your usage against them. You can monitor the usage for each type of request and see if the limit is being exceeded, how often, and by how much. By tracking the trends over time, you can manage your resources better and determine if you have a valid business need for a higher limit. Tracking the usage helps you deliver the best login and application launch experience to your users.

Note: The Limit Monitoring dashboard reports the data in terms of API requests, not users. The number of API requests might not always be identical to the number of users.
  1. In the Workspace ONE Access console, select Monitor > Limits .

    The graphs provide a high-level look at the login, launch, and WS-Fed request rates over the last 7 days and indicate if the rate limit was exceeded. If the rate limit was exceeded, the graph displays a warning and lists the number of times the limit was exceeded. If the rate limit was not exceeded, the graph displays the highest rate that was reached in the last 7 days.

    For example:

    The image displays the Limit Monitoring dashboard. The dashboard includes 3 small rate limit graphs, for Login, Launch, and WS-Fed APIs.

    In this example, login requests exceeded the rate limit 57 times over the last 7 days, while launch requests and WS-Fed requests were within the limits. The highest rate for launch requests was 17 requests per minute and the highest rate for WS-Fed requests was 11 requests per minute.

  2. For detailed information, click the VIEW link for Login, Launch, or WS-Fed, depending on the type of data you want to see.

    Rate limit and concurrency limit graphs are displayed.

    Rate Limit Graph

    The Rate Limit graph displays the rate limit that is currently set on your tenant and your usage during the specified time range.

    For example:

    The image displays a rate limit graph.

    The red line indicates the rate limit for your tenant, that is, the maximum number of requests allowed per minute, while the blue line indicates the number of requests made per minute. In this example, the login rate limit is 750 requests per minute and the login rate exceeded the limit 150 times, which indicates that approximately 150 login requests were blocked because the limit was reached.

    Place your cursor over any data point on the graph to see details. You can also click any data point to get a more granular view. Place your cursor over the red line to view details about the rate limit.

    By default, the graph shows usage for the last 7 days but you can customize the time range and interval. Data for the last 90 days is available.

    Concurrency Limit Graph

    The Concurrency Limit graph displays all events where the concurrency limit was exceeded during the specified time range.

    For example:

    The image displays a Concurrency Limit graph.

    The bars indicate the number of requests that were blocked within the same minute because the concurrency limit was reached. In this example, the concurrency limit was exceeded twice on December 16. 888 login requests were blocked at 5:00 P.M. and 1641 login requests were blocked at 11:00 P.M.

    By default, the graph shows events for the last 7 days but you can customize the time range and interval. Data for the last 90 days is available.

Viewing Additional Information in Audit Events Report

You can view detailed information in the Audit Events report about each login, launch, and WS-Fed request that was denied because rate or concurrency limits were exceeded.

  1. In the Workspace ONE Access console, select Monitor > Reports .
  2. Select Audit Events in the reports drop-down list.
  3. For Type, select REQUEST LIMITED to see all events that occurred because the rate limit was reached or REQUEST THROTTLED to see all events that occurred because the concurrency limit was reached
  4. Specify the time range and click SHOW.
  5. In the report, click View Details for information about a specific event.

Requesting a Rate Limit Increase

The preset rate limits on the login, launch, and WS-Fed APIs should be sufficient for most tenants under normal circumstances. However, if you consistently exceed the rate limit for a specific API, or if you anticipate an increase in usage for a special event, you can request that the limits be increased.

All requests are subject to an approval process.

To request a rate limit increase:

  1. Open a support ticket at https://help.vmware.com.
  2. In the ticket, provide answers to the following:
    • What are your usage trends, such as maximum usage per week?
    • Have you exceeded the rate limits in the past? If so, how often?
    • For which API do you want to raise the rate limit?
    • What do you want to raise the rate limit to? Specify your answer as requests per minute.
    • How did you determine the new number?
    • Are you requesting a temporary or permanent increase?
    • Provide a business justification for your request.
    • If you are requesting the increase for a specific event, provide the following information:
      • Projected login requests per minute
      • Projected application launch requests per minute
      • Projected Office 365 launches from non-browser clients per minute