MFA empty location_info

sasee.venkata · May 11, 2026, 8:11pm

Hi Auth0 Support Team,

We are integrating Auth0 Log Streams with AWS EventBridge to capture authentication and MFA events for security alerting.

We observed that the Auth0 Dashboard UI displays geolocation details such as city and country for login events under User History. However, the same events received through EventBridge/log streams contain either an empty location_info object or no geolocation details at all.

Example:

Dashboard UI shows:
- IP: xxx.xxx.xxx.xxx
- Hyderabad, India
EventBridge payload contains:
json “location_info”: {}

Could you please confirm:

Whether geolocation enrichment is expected to be included in Log Stream/EventBridge events
If there is any tenant setting or configuration required to enable it
Whether event.request.geoip data from Actions can be propagated into exported log events

We are specifically interested in login and MFA-related events (s, f, gd_auth_*).

Thanks.

nik.baleca · May 11, 2026, 8:32pm

Hi @sasee.venkata

Welcome to the Auth0 Community

When an authentication event occurs (like an s for Success Login), Auth0 does two things:

Real-time Streaming: It immediately serializes the event and fires it off to configured Log Streams (like EventBridge) to ensure the lowest possible latency.
Asynchronous Enrichment: It kicks off a background task to resolve the user’s IP address against a GeoIP database.

Because Log Streams are optimized for near real-time delivery, the event payload is often dispatched before the asynchronous GeoIP resolution has completed. As a result, the location_info object is serialized as empty in the stream. Conversely, when you view the User History in the Auth0 Dashboard, the UI queries Auth0’s indexed data store, which has had plenty of time to receive and store the enriched GeoIP data.

1. Is geolocation enrichment expected to be included in Log Stream/EventBridge events?

It is included if the internal GeoIP lookup completes before the stream fires, which is highly inconsistent and never guaranteed. For highly responsive streams like EventBridge, you should generally expect it to be empty or incomplete.

2. Is there any tenant setting or configuration required to enable it?

No. There is no tenant-level toggle or configuration to force Auth0 to wait for the GeoIP resolution before firing the log stream. Auth0 prioritizes stream latency over enrichment completeness.

3. Can event.request.geoip from Actions be propagated into exported log events?

No, you cannot mutate or append custom data to Auth0’s standard core log events (like s , f , or gd_auth_* ). The schema for these core events is immutable. Even if you access event.request.geoip inside a Post-Login Action, there is no api.log.set() method to inject that data into the primary login log payload.

If you have any other questions, let me know!

Kind Regards,
Nik

Topic		Replies	Views
Geoip doesn't always work Get Help bug , auth0 , login , log	9	2780	October 19, 2022
Why search log events don't return location information? Get Help logs , management-api	4	1270	March 8, 2024
Take device finger print and Geo location Get Help mfa , mfa-api	2	277	March 11, 2025
Getting current location using Auth0 rules Get Help auth0 , rules	2	1936	June 5, 2022
Getting user's most recent logins paginated with location_info Get Help	0	1933	April 18, 2022

MFA empty location_info

Related topics