This is really important as it is not currently possible to restrict the use of user tokens/keys for authentication and the use of these bypasses all the logging and controls organisations get via identity providers like Entra.

Include public IP details in the Port audit logs as well so we can setup alerts when users login with IP addresses we do not recognise

This is especially important in larger organisations where the team owning the SSO side and the team owning the Port side are different, because there's no way to investigate a user issue without the lead time of talking to either the SSO team or Port support - in fact you'd have to talk to both or even set up a meeting between everyone.

And the problem could be as simple as user misinput, but there's no way to tell.........