Problem statement
Can we implement an automatic email that will be sent after detecting a user who logs in from a new device or different location?
See an example of the email:
“We noticed that your XXXX account was accessed just now from a new device or location:
XXXX App on Android | Israel (147.XXX.XXX.XXX)
If it was you and you recently logged in from a new device or a new location, all is well, and you can ignore this notification.”
Solution
Unfortunately, there’s no out-of-the-box Dashboard feature to do this.
As a workaround, you can use the extensibility code + Adaptive MFA.
With a post-login action, you can check if there’s a new device and trigger an API call to your email provider.
If you enable adaptive MFA and set the policy to never require MFA, you still can use this object:
event.authentication.riskAssessment.assessments.NewDevice