5.8.7 Configuring NAT Settings

You can configure Identity Server to retrieve IP addresses in a NAT environment.

  1. Click Policies > Risk-based Policies > NAT Settings.

  2. Specify the name of the field to use for fetching the IP address of the client.

  3. Specify the regular expression to retrieve the client IP address from the HTTP header value.

    When you use the regular expression .* and the header value contains a list of multiple IP addresses, the expression matches the entire list, so the rule execution fails even if the client IP address exists in the list. So, if you want to retrieve an IP address from a list of multiple IP addresses, modify the regular expression accordingly.

    For example, if you specify the regular expression as .*?(?=,), Identity Server uses the first IP address in the list to calculate risk. So, if the list of IP addresses is similar to 10.20.20.1,10.30.30.1,10.40.40.1, the regular expression .*?(?=,) returns the IP address 10.20.20.1.

NOTE: If you have only one address, .* is sufficient. The approach described in step 3 is required for a list of addresses in the X-Forwarded-For format.
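The following added example (not part of the product documentation) runs the two expressions from step 3 against a list and against a single address, so you can check an expression before saving it. It assumes Identity Server takes the first match of the expression and that the match must parse as an IP address; `extract_client_ip` and the `^[^,]+` pattern are illustrative names and values that do not come from this page, and the header values are constructed samples.

```python
import ipaddress
import re


def extract_client_ip(header_value, pattern):
    """Return the first regex match if it is a valid IP address, else None.

    Assumption: first-match (find) semantics, as the step 3 example implies.
    """
    match = re.search(pattern, header_value)
    if match is None:
        return None
    candidate = match.group(0).strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # The match was not a single address (for example, the whole list).
        return None


# Constructed sample header values.
HEADERS = {
    "list": "10.20.20.1,10.30.30.1,10.40.40.1",
    "single": "10.20.20.1",
}

PATTERNS = {
    "greedy": r".*",               # from this page: fine for one address only
    "before_comma": r".*?(?=,)",   # from this page: first entry of a list
    "first_or_only": r"^[^,]+",    # assumption: handles both shapes
}


def evaluate_patterns():
    """Apply every pattern to every sample header and collect the results."""
    return {
        (pattern_name, header_name): extract_client_ip(value, pattern)
        for pattern_name, pattern in PATTERNS.items()
        for header_name, value in HEADERS.items()
    }


if __name__ == "__main__":
    for (pattern_name, header_name), ip in evaluate_patterns().items():
        print(f"{pattern_name:14} {header_name:7} -> {ip}")
```

Note that .*?(?=,) finds nothing when the header holds a single address, because there is no comma to look ahead to. The first entry in the list is the value the first proxy received from the client, so it is reliable only when your front-end proxy sets or sanitizes the header.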