ROPC Flows creating impossible travel - Identity Protection fails

Dale Puumala
2022-05-18T14:49:46.857+00:00

We are trying to utilize an ROPC user flow with a B2C tenant. When the user initially logs in, it shows their login from their hosted IP address wherever they are. Then the user flow shows another login that comes from our corporate IP address range. This is generating impossible travel scenarios, and because of that, users are getting blocked because we use Identity Protection. I believe what's happening is it senses the sign-in as a medium-risk sign-in, which then forces an MFA challenge. However, you can't use an MFA challenge through an ROPC user flow, so the login is blocked.

Does anyone have any suggestions on how we can address this problem?

Microsoft Entra External ID

1 answer

  1. 2022-05-19T05:37:09.007+00:00

    Hello @Dale Puumala, you can create Trusted Locations for both the hosted and corp address IP ranges and exclude them from any applicable policy conditions.

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.

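As an added example (not part of the original question or answer, and not Microsoft code), the Python below checks exported sign-in records for the pattern the question describes: an end-user sign-in followed shortly by a sign-in for the same user from the corporate range. Assumptions: the record field names are hypothetical, the corporate range is a documentation range (203.0.113.0/24), and the 60-second pairing window is an arbitrary choice.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed corporate egress range (documentation range used as a stand-in).
CORP_RANGES = [ip_network("203.0.113.0/24")]
# Assumed maximum gap between the user's sign-in and the backend ROPC sign-in.
WINDOW = timedelta(seconds=60)

# Constructed sample records; field names are hypothetical, not a real export schema.
SIGNINS = [
    {"user": "alice", "time": "2022-05-18T14:00:00", "ip": "198.51.100.7"},
    {"user": "alice", "time": "2022-05-18T14:00:03", "ip": "203.0.113.10"},
    {"user": "alice", "time": "2022-05-18T14:20:00", "ip": "198.51.100.7"},
    {"user": "bob",   "time": "2022-05-18T14:05:00", "ip": "198.51.100.9"},
    {"user": "bob",   "time": "2022-05-18T16:30:00", "ip": "192.0.2.44"},
    {"user": "carol", "time": "2022-05-18T15:00:00", "ip": "203.0.113.10"},
]

def is_corp(ip):
    """True when the address falls inside one of the corporate ranges."""
    return any(ip_address(ip) in net for net in CORP_RANGES)

def classify(signins, window=WINDOW):
    """Split per-user IP changes into (proxied, unexplained) lists of (previous, current).

    proxied: end-user IP followed within `window` by a corporate-range IP,
             i.e. the pattern described in the question.
    unexplained: every other IP change, left for normal risk review.
    """
    proxied, unexplained = [], []
    last = {}  # user -> most recent sign-in that was not a backend echo
    for rec in sorted(signins, key=lambda r: (r["user"], r["time"])):
        prev = last.get(rec["user"])
        if prev is not None and prev["ip"] != rec["ip"]:
            gap = datetime.fromisoformat(rec["time"]) - datetime.fromisoformat(prev["time"])
            if not is_corp(prev["ip"]) and is_corp(rec["ip"]) and gap <= window:
                proxied.append((prev, rec))
                continue  # backend echo: keep the end-user sign-in as the reference
            unexplained.append((prev, rec))
        last[rec["user"]] = rec
    return proxied, unexplained

if __name__ == "__main__":
    proxied, unexplained = classify(SIGNINS)
    for prev, cur in proxied:
        print("proxied:", cur["user"], prev["ip"], "->", cur["ip"])
    for prev, cur in unexplained:
        print("review: ", cur["user"], prev["ip"], "->", cur["ip"])
```

Pairs reported as proxied show which flagged sign-ins originate from the corporate range; the remaining IP changes still need ordinary risk review.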