From Auth0 Actions, I can see that you can enrich metadata with the location from which a user logged in.
If I wish to extend/create a rule which requires a user to, for example, click a link sent to their email to confirm login from a new IP, how much of that loop can be managed by built-in auth0 functionality, and how much would have to be done manually?
For example, would this use case require me to store the IPs myself, determine what is considered a new unsafe IP, send the confirmation email to the user’s address where clicking the given links flips a flag that allows login from this new location (stored in our own DB), then allow new login?
Hey there @justin6 and welcome to the Auth0 Community!
This would likely need to be extended and developed by you. We have a list of sample rules here but it doesn’t cover the scope of what you are looking to do. If you feel there is a benefit to seeing this be built out as a base rule, please let us know at Auth0: Secure access for everyone. But not just anyone.. Each of one these requests submitted at /feedback is read by the product team and help shape the future of where we turn our attention to next. Please let me know if you have any additional questions!