Disable MFA based on IP allow list

Hi there,

Currently we are using a Rule that checks for user_metadata to determine if MFA needs to be disabled for a specific user.

Does Auth0 support something like that based on IP allow listing. If this requires custom setup, could anyone point me in the proper direction on the proper way to accomplish this?

1 Like

Hello Emiel,

You should be able to achieve this via Rules as well.

To do this, you will need to create an array of IPs, e.g.:

const allowedIPs = [ 0.0.0.0, 127.0.0.1]

And then, check if the user IP context.request.ip is included or not in the array. Here’s the sample code snippet; please adjust it as per your requirement:

if ( allowedIPs.includes(context.request.ip) ) {
  context.multifactor = {
   provider: 'any',
   allowRememberBrowser: false
  }
}

Please review all context object properties available in Rules.

I hope this helps!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.