Is it possible to add last_ip to the deny list?

Hi there!

We are trying to limit the amount of user data we store in the Auth0 Database. We have reviewed the docs and this FAQ around using the connections endpoint to add profile fields to the deny list, but are not having success:

https://auth0.com/docs/secure/security-guidance/data-security/denylist

The /api/v2/connections/{id} PATCH has a status 200 and if we call /api/v2/connections/, we can see last_ip listed in the non_persistent_attrs, however we still see the last_ip address listed under the user details in the dashboard.

We preformed the steps outlined in this FAQ:

We have also confirmed the Management API is scoped for read:connections and update:connections

Is it possible to not persist the last IP?
If so, are we missing a step?

1 Like

I am experiencing the same problem, I have done several tests, but it turns out as if only some fields can be added to the deny list, like profile picture, but nothing changes for the last_ip field.

Any update?

Our team is going back to answer frequently asked questions.

After further tests, I was able to reproduce the same observations as you. It looks like only some root attributes can be denied, not all. Looking at the User Profile Structure more closely the last_ip root attribute cannot be updated.

image

Hope this helps!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.