Monitoring Change Password Email Request
This recommendation is provided as an alternative to trying to include a CC or BCC on a change password email request.
- Change password email
- Password reset
- Email template
Forwarding such sensitive emails can lead to serious issues, such as:
- Unapproved account takeovers.
- Replication of legitimate Auth0 emails to carry out phishing attacks.
- Greater difficulty tracking and auditing who accessed the reset information.
Recommended Approach: Monitoring Events Using Auth0 Logs + Configuring Log Streams in Auth0
A more secure option is to use Auth0's logging and monitoring features, which provide detailed insights into account activities without exposing sensitive information.
Auth0 provides a Management API, which makes it possible to programmatically retrieve logs. For details, refer to Retrieve Log Events Using the Management API. By using this API, it is possible to set up a script or automation tool that regularly pulls logs for specific events, such as account blocks or resets.
For a more integrated and scalable solution, you can stream these logs to external logging services like AWS EventBridge, Splunk, or Datadog. For more details, see Log Streams.
Once the logs are in a centralized system, monitoring rules can be set that look for specific events. For example, the system can be configured to detect when a Successful change password request (scpr) event occurs. Refer to Log Stream Filters for information on configuring filters.
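As an added illustration of the log-polling approach described above (this is not Auth0's own code), the following Python example queries the Management API logs endpoint for `scpr` events and flags accounts that receive several reset requests within a short window. The tenant domain, token, threshold, window, and sample events are assumptions constructed for the example.

```python
import json
import urllib.parse
import urllib.request
from collections import defaultdict
from datetime import datetime, timedelta

def fetch_events(domain, token, event_type="scpr", per_page=100):
    """Pull the newest events of one type from GET /api/v2/logs (read:logs token)."""
    query = urllib.parse.urlencode(
        {"q": f"type:{event_type}", "sort": "date:-1", "per_page": per_page})
    req = urllib.request.Request(
        f"https://{domain}/api/v2/logs?{query}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def reset_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return {user_name: n} where n >= threshold scpr events fell inside
    one sliding window. Threshold and window are example values."""
    by_user = defaultdict(list)
    for event in events:
        if event.get("type") == "scpr":
            ts = datetime.fromisoformat(event["date"].replace("Z", "+00:00"))
            by_user[event.get("user_name", "unknown")].append(ts)
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, current in enumerate(times):
            while current - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged

# Constructed sample events (not tenant data); keying on user_name is an assumption.
SAMPLE_EVENTS = [
    {"type": "scpr", "date": "2024-05-01T10:00:05.000Z", "user_name": "alice@example.com"},
    {"type": "scpr", "date": "2024-05-01T10:02:10.000Z", "user_name": "alice@example.com"},
    {"type": "scpr", "date": "2024-05-01T10:06:40.000Z", "user_name": "alice@example.com"},
    {"type": "s", "date": "2024-05-01T10:07:00.000Z", "user_name": "alice@example.com"},
    {"type": "scpr", "date": "2024-05-01T11:00:00.000Z", "user_name": "bob@example.com"},
    {"type": "scpr", "date": "2024-05-01T08:00:00.000Z", "user_name": "carol@example.com"},
    {"type": "scpr", "date": "2024-05-01T16:00:00.000Z", "user_name": "carol@example.com"},
]

if __name__ == "__main__":
    print(reset_bursts(SAMPLE_EVENTS))
```

In a scheduled job, the list returned by `fetch_events` would be passed to `reset_bursts` in place of the sample data.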