Difference between revisions of "Login IP Address Restrictions"

From AgileApps Support Wiki
imported>Aeric
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
Use this feature to restrict [[Login]] to users in a limited IP address range.  
For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to login from a computer on a network outside of the specified range, access to the platform is denied.


{{permissions|Access Control/User Management|specify the range of IP addresses from which user logins are allowed}}
{{PermissionRef|Access Control|specify the range of IP addresses from which user logins are allowed}}


If a user attempts to login from a computer on a network outside of the specified range, access to the platform will be denied.
;To configure an IP address range:
 
#Click '''[[File:GearIcon.png]] > Administration > Access Management > Access Profiles'''
===Configure IP Address Range===
#Select the Access Profile of interest, or create a new one
 
To configure an IP address range:
#Click '''Settings > Administration > Access Profile'''
#Select the Access Profile of interest
#Enter an IP address range in the text area, following these guidelines:
#Enter an IP address range in the text area, following these guidelines:
#*A maximum of 25 IP address ranges can be specified
#*A maximum of 25 IP address ranges can be specified
#*Enter one range per row in the text area
#*Enter one range per row in the text area
#*Add, Modify and Delete capability is also provided
#*Add, Modify and Delete the entries, as needed
#*Accepted format is <tt>xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy</tt>, where:
#*Accepted format is <tt>xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy</tt>, where:
#** <tt>xxx</tt> and <tt>yyy</tt> are numbers in the range 0-255
#** <tt>xxx</tt> and <tt>yyy</tt> are numbers in the range 0-255
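Review bot: The new step 1, '''[[File:GearIcon.png]] > Administration > Access Management > Access Profiles''', starts the navigation path with an image that has no alt text, so a text-only rendering shows the file name where the old wording named the Settings menu. Give the image alt text or name the menu in words beside the icon. Also, the new intro keeps "attempts to login"; "log in" is the verb form.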
Line 19: Line 15:
#*To specify a single IP address, use the same IP address for the start and endpoint of the range: <tt>192.168.1.10 - 192.168.1.10</tt>
#*To specify a single IP address, use the same IP address for the start and endpoint of the range: <tt>192.168.1.10 - 192.168.1.10</tt>


The IP addresses will be checked in the order in which they are configured and the checking will stop with the first match.
;How it works:
 
:* When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied.
===Enforcement===
:* Access violations are recorded in the audit log, identifying both the user and the IP address from which the login attempt originated
*If the user belongs to multiple teams, the role associated with the user's primary team will be used for enforcement
:* Login restrictions apply to all user logins - using a web browser, Email Edition, mobile access, or REST APIs.
* When a user logs in, the source IP from which the user request originated will be checked against the range of IP addresses configured. If it is in the allowed range, the user can continue to login, else the login will be denied.
:* The restrictions do not apply to Customer Support logins.
* Any access violation will be logged to the audit log giving details of the user and the IP address from which the user tried to login
* The enforcement will be done for all user logins - whether using a web browser, Email Edition, mobile access, or REST
* The enforcement would not apply while doing Customer Support Login into customer accounts
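Review bot: The rewritten "How it works" list drops two statements from the old Enforcement section without replacing them: that the ranges are checked in the order configured and checking stops at the first match, and that for a user in multiple teams the role of the primary team is used for enforcement. If both still hold, carry them over as bullets; if the behaviour changed, say so in the edit summary, since an administrator reading only the new text cannot tell which profile applies to a multi-team user.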

Latest revision as of 00:39, 1 June 2013

For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to log in from a computer on a network outside of the specified range, access to the platform is denied.


Users who have the Access Control permission can specify the range of IP addresses from which user logins are allowed.
To configure an IP address range:
  1. Click the gear icon > Administration > Access Management > Access Profiles
  2. Select the Access Profile of interest, or create a new one
  3. Enter an IP address range in the text area, following these guidelines:
    • A maximum of 25 IP address ranges can be specified
    • Enter one range per row in the text area
    • Add, Modify and Delete the entries, as needed
    • Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where:
      • xxx and yyy are numbers in the range 0-255
      • xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy
    • To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.10 - 192.168.1.10
How it works
  • When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied.
  • Access violations are recorded in the audit log, identifying both the user and the IP address from which the login attempt originated.
  • Login restrictions apply to all user logins - using a web browser, Email Edition, mobile access, or REST APIs.
  • The restrictions do not apply to Customer Support logins.
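
The format rules and the login check described above, as an added example (not AgileApps code; all function and field names are hypothetical). It validates the text-area rows against the stated limits, then checks a source address and records a denial with the user and IP. It assumes octets are decimal, tolerates missing spaces around the hyphen, and denies every login when no ranges are configured, a case the page does not specify.

```python
import re

MAX_RANGES = 25  # limit stated on the page
ROW = re.compile(r"^\s*(\S+)\s*-\s*(\S+)\s*$")
IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

# Constructed sample of the text-area content, one range per row.
SAMPLE_CONFIG = "10.0.0.0 - 10.0.0.255\n192.168.1.10 - 192.168.1.10\n"


def ip_to_int(text):
    """Dotted-quad text to integer; every octet must be 0-255."""
    m = IPV4.match(text.strip())
    if not m:
        raise ValueError(f"not an IPv4 address: {text!r}")
    octets = [int(g) for g in m.groups()]  # assumption: octets are decimal
    if any(o > 255 for o in octets):
        raise ValueError(f"octet outside 0-255: {text!r}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def parse_ranges(text):
    """Validate the rows and return a list of (start, end) integer pairs."""
    rows = [r for r in text.splitlines() if r.strip()]
    if len(rows) > MAX_RANGES:
        raise ValueError(f"at most {MAX_RANGES} ranges, got {len(rows)}")
    ranges = []
    for n, row in enumerate(rows, 1):
        m = ROW.match(row)
        if not m:
            raise ValueError(f"row {n}: expected 'start - end'")
        start, end = ip_to_int(m.group(1)), ip_to_int(m.group(2))
        if start > end:
            raise ValueError(f"row {n}: start is greater than end")
        ranges.append((start, end))
    return ranges


def check_login(user, source_ip, ranges, audit_log):
    """True if source_ip is in a range; otherwise record the denial."""
    try:
        addr = ip_to_int(source_ip)
    except ValueError:
        addr = None  # unparseable (or non-IPv4) source: deny
    if addr is not None and any(lo <= addr <= hi for lo, hi in ranges):
        return True
    audit_log.append({"event": "login_denied", "user": user, "ip": source_ip})
    return False
```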