After reviewing the article you shared, the following statement caught my attention:
Or the second option is to use the Post-Login Action to deny the user access and then redirect them to your custom-hosted page. This is the approach I would recommend for your use case.
I am already using a Post-Login Flow action to deny access.
However, while my action successfully redirects the user, it does not get recorded in the Monitoring Log.
exports.onExecutePostLogin = async (event, api) => {
if (event.organization && event.organization.id == "xxxxxxx"){
let enable = false;
if (event.organization.metadata){
let allowedapps = event.organization.metadata;
enable = Object.values(allowedapps).includes(event.client.client_id);
}
if (!enable) {
api.redirect.sendUserTo("https://example.com");
}
}
};
What I want to achieve is not only to deny access and perform the redirection but also to ensure that this event is logged in the Monitoring Log.