Requiring (extra, e.g. email) confirmation when logging in from new IP

justin6 · July 17, 2019, 10:58pm

Hi,

From https://auth0.com/rules/get-getIP, I can see that you can enrich metadata with the location from which a user logged in.

If I wish to extend/create a rule which requires a user to, for example, click a link sent to their email to confirm login from a new IP, how much of that loop can be managed by built-in auth0 functionality, and how much would have to be done manually?

For example, would this use case require me to store the IPs myself, determine what is considered a new unsafe IP, send the confirmation email to the user’s address where clicking the given links flips a flag that allows login from this new location (stored in our own DB), then allow new login?

Thanks.

James.Morrison · July 31, 2019, 4:36pm

Hey there @justin6 and welcome to the Auth0 Community!

This would likely need to be extended and developed by you. We have a list of sample rules here but it doesn’t cover the scope of what you are looking to do. If you feel there is a benefit to seeing this be built out as a base rule, please let us know at Auth0.com/feedback. Each of one these requests submitted at /feedback is read by the product team and help shape the future of where we turn our attention to next. Please let me know if you have any additional questions!

system · August 15, 2019, 4:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.