Requiring (extra, e.g. email) confirmation when logging in from new IP


From, I can see that you can enrich metadata with the location from which a user logged in.

If I wish to extend/create a rule which requires a user to, for example, click a link sent to their email to confirm login from a new IP, how much of that loop can be managed by built-in auth0 functionality, and how much would have to be done manually?

For example, would this use case require me to store the IPs myself, determine what is considered a new unsafe IP, send the confirmation email to the user’s address where clicking the given links flips a flag that allows login from this new location (stored in our own DB), then allow new login?


Hey there @justin6 and welcome to the Auth0 Community!

This would likely need to be extended and developed by you. We have a list of sample rules here but it doesn’t cover the scope of what you are looking to do. If you feel there is a benefit to seeing this be built out as a base rule, please let us know at Each of one these requests submitted at /feedback is read by the product team and help shape the future of where we turn our attention to next. Please let me know if you have any additional questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.