I have a webhook configured on Auth0 Streams Dashboard and it is forwarding event logs to our server endpoint as intended.
However, when an action (such as unenrolling MFA for a user) is performed by a tenant administrator via the Auth0 dashboard, the IP address of the tenant admin is not found in the logs. Instead, it denotes a private Auth0 IP. Please see the image below
I tried programmatically resetting MFA using Auth0 management API and providing IP address in “auth0-forwarded-for” header. But looks like this does not fall under Anomaly events so I do not see the IP address in logs.
What are my options here to get the tenant admin IP that performed the action?
One of the ways I can think of is to set up an endpoint on my server that calls Auth0 management API. This way I can get the IP address of person making request to my server. This seems a bit over-engineered though.