Auth0 Home Blog Docs

Multifactor: Per-user configuration of 'trusted' source IPs not to use MFA

mfa
rules

#1

I can see under “Configuring Custom Multifactor -> Access from an Extranet” in the Auth0 docs how to check for requests from a corporate network to use in deciding whether to require MFA.

However, if different users should be checked against different networks, do you have any suggestions on how to achieve this? I presume a good solution would be to store the required network subnet in the users’ app data, so the rules can check that against the request’s IP address. I expect this would be better than trying to make a call out to another service to check the desired IP range.Does anyone have any other suggestions here?