Hi,
From https://auth0.com/rules/get-getIP, I can see that you can enrich metadata with the location from which a user logged in.
If I wish to extend/create a rule which requires a user to, for example, click a link sent to their email to confirm login from a new IP, how much of that loop can be managed by built-in auth0 functionality, and how much would have to be done manually?
For example, would this use case require me to store the IPs myself, determine what is considered a new unsafe IP, send the confirmation email to the user’s address where clicking the given links flips a flag that allows login from this new location (stored in our own DB), then allow new login?
Thanks.