We recently received an email about suspicious activity at an IP address with a button to unblock it, however upon further diagnosis it appears that the IP address was not actually blocked. This is good as investigation revealed that the IP address was most likely a single IP address for an entire companies building.
This however led to the question on how Auth0 handles situations like this. It is great to be notified of suspicious activities and that the IP address that served multiple valid users was not blocked for all of them, but was any action taken aside from the notification?
For this specific use-case there are no other options solutions aside from whitelisting the specific offices IP as it’s shared by many users, correct? Does Auth0 have a specific pattern that they suggest instead for this use-case?
Although whitelisting the IP address of an office would be a solution, it feels like whitelisting is removing some of the functionality/security that Auth0 is providing. So I just wanted to make sure that there should be no conerns from doing this and that it is the accepted approach.
At this time, that is the guidance. If you have some feedback for our product team on the topic or feel there is a gap or feature that could improve the service than I would ask that you fill out a feedback ticket. This is a direct line to our product managers. Thanks!