AgileApps Support Wiki Pre Release

Login IP Address Restrictions

From AgileApps Support Wiki
Revision as of 01:35, 20 April 2011 by imported>Aeric
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Use this feature to restrict Login to users in a limited IP address range.

Lock-tiny.gif

Users that have the Access Control/User Management permission can specify the range of IP addresses from which user logins are allowed 

If a user attempts to login from a computer on a network outside of the specified range, access to the platform will be denied.

Configure IP Address Range

The IP address ranges can be configured for each Role:

To configure an IP address range for a role:

  1. Click Settings > Administration > Roles
  2. Select the Role of interest
  3. Enter an IP address range in the text area, following these guidelines:
    • A maximum of 25 IP address ranges can be specified
    • Enter one range per row in the text area
    • Add, Modify and Delete capability is also provided
    • Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where:
      • xxx and yyy are numbers in the range 0-255
      • xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy
    • To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.10 - 192.168.1.10

The IP addresses will be checked in the order in which they are configured and the checking will stop with the first match.

Enforcement

  • If the user belongs to multiple teams, the role associated with the user's primary team will be used for enforcement
  • When a user logs in, the source IP from which the user request originated will be checked against the range of IP addresses configured. If it is in the allowed range, the user can continue to login, else the login will be denied.
  • Any access violation will be logged to the audit log giving details of the user and the IP address from which the user tried to login
  • The enforcement will be done for all user logins - whether using a web browser, Email Edition, mobile access, or REST
  • The enforcement would not apply while doing Customer Support Login into customer accounts