We have been using the email-based passwordless auth for several months, and it has worked extremely well. However recently some of our customers have switched to using Mimecast for email security. One of the features of the Mimecast service is that it tests all the links in an email for malware.
End result is that the Mimecast service is triggering the OTP link in the Auth0 email, before it reaches the customer’s inbox… and therefore guaranteeing an authentication error.
Has anyone else run into this? What work arounds have people found?