I have a whitelist of email addresses set up as a rule based on the example, Auth0 IP Addresses for Allow Lists. It’s a copy & paste except for the array of email addresses of course. This works fine if they are on the whitelist before they create an account. However, if they create the account first and then I add them to the whitelist, they are denied access. It doesn’t matter how many times they log out and back in. The only workaround I’ve found is to just delete them and have them create a new user after the whitelist has been updated. This works 90% of the time but some still aren’t granted access.
Is there not a better solution? I really don’t understand why the rule only runs on signup. Shouldn’t it run each time a user attempts to sign in?