Overview
IP whitelisting is a security feature that allows only certain IP addresses to access your platform while blocking all others.
This feature gives the Admin user the possibility to configure one or more IP ranges that are authorized to log in and have access to the functionalities.
The flow is as follows:
An Admin user whitelists a specific IP range, and users that are currently logged in from an IP outside the whitelisted range will no longer have access to the API, and all requests will be marked as unauthorized, and eventually, the user will be logged out automatically. Login requests from IPs outside the whitelisted range are denied.
In this article:
- IP Whitelisting Submenu
- How to enable the IP Whitelisting feature?
- How-To Add or Remove New Rule?
- Login from Unauthorized IP
IP Whitelisting submenu
This submenu is present under Administration/Account Settings. It contains a list of IP ranges that are whitelisted by the Admin. To add a new range, the admin must click on Add New Rule button, fill in a Name for the rule and an IP range and save the settings.
This section also contains a message informing the user of the current IP and the necessity for it to be within the whitelisted range.
The admin can also edit an existing rule or delete it. At least one rule must exist for the IP Whitelisting to take effect.
How to enable the IP Whitelisting feature?
This feature is part of a bundle features called Advanced Features.
Advanced Features can be enabled/disabled for each individual Company in the Reseller platform by the Reseller Administrator.
A new section will be added to the Edit Account page called Advanced Features. Advanced Public Link Settings, Device Management, and IP Whitelisting will all be grouped under this section and will be controlled by a single toggle, acting as a feature bundle.
From here, the Reseller Administrator can Enable/Disable the features bundle for the Company. By default, the feature will be disabled.
How-To Add or Remove New Rule?
To add a new rule:
1. Under the Account settings, click on the IP Whitelisting submenu.
2. Click on the + Add New Rule button.
3. Double-click on each detail and enter the IP information to be whitelisted.
4. Once done, click on the Save Settings button to complete the setup.
Important Note!
Upon completing the setup, the changes should take effect immediately. Therefore, users that are currently logged in from an IP outside the whitelisted range will no longer have access to the API, and all requests will be marked as unauthorized, and eventually, the user will be logged out automatically
To remove a rule:
1. Simply go to the IP Whitelisting submenu.
2. Look for the rule to be removed, and click on the Trash bin icon.
3. Click the Save Settings button to complete the removal.
Important Note!
Upon removal of an existing rule, users within the removed IP range will no longer have access to the API. It's best practice to let the users know about this prior the removal, as it will affect any ongoing activities while using the platform.
Login from Unauthorized IP
When a user tries to log in from an IP address that is not within the whitelisted range, he/she will be greeted with a new screen informing that the location is not authorized.
Important Note!
IP restrictions will only apply for users that are primary to the company in question. A user that is primary on a different company and is secondary to a company that has IP Whitelisting enabled will not be affected by the IP restriction. The user will still have access to the company regardless of the IP restriction. The same logic of primary and secondary companies are applied to the secondary domain.If the promary company on the secondary domain has IP Whitelisting enabled, the user will only have access to the company if they are within the whitelisted IP range.
Office Online, which is a (3rd) third-party integration, will continue to work as expected although IP Whitelisting is enabled. This is due to a special header added to the request that informs the server that the request was initiated from the user's IP (which is whitelisted).
If as user is logged in while IP Whitelisting is enabled and its IP is not within the whitelisted range, the user will no longer have access to the API, meaning all the requests will be forbidden. After a request is made from an unauthorized IP, the refreshToken will be revoked and the user will be eventually logged out.
If Advanced Features gets disabled for the Company, all the rules will still remain in the DB but not be enforeced, the submenu will only display a banner informing that IP Whitelisting has been disabled by the reseller. If Advanced Features gets re-enabled, all the rules from the IP Whitelisting section will be automatically enforced.
If you have further questions or clarifications, feel free to contact us by submitting a ticket through RushFiles HelpDesk Support.