IP Filter Policies

Table of contents
  1. 1. Filter Policy Configuration

(Version 7.9.3+, Enterprise+ or higher)

Administrators can use an IP Filter to limit access to Password Server and enforce different sign-in steps based on the IP of the incoming request and on the policy of the login User. The IP Address of the request is validated at sign-in.

This allows controls based on the IP address (or IP address range) for:

  • Bypassing 2FA
  • Whitelisting access
  • Restricting network access

To configure an IP Filter Policy, navigate to Users & Roles > Manage > Policies, then create a new Policy or Edit an existing one.

Filter Policy Configuration

  • Default Action:
    • The action that will be taken in the IP of the incoming sign in request does not match any of the Client IP Ranges configured below.
    • Depending on whether the Default Action is Deny or Allow, the IP Filter Policies can act as either a whitelist or blacklist respectively.
  • IP Filter Policies
    • Client IP Range:
      • The set of IP addresses to apply the selected action to.
      • Accepts a comma separated list of addresses and/or ranges of IP addresses.
        eg. 10.10.5.4, 10.10.7.0-10.10.7.20
    • Action:
      • Available actions are:
        • Allow and Follow Two Factor Policy:
          • The default. The sign-in is allowed and all steps are expected.
        • Allow and Bypass Two Factor Policy:
          • The sign-in is allowed, but the Two Factor step will be skipped for this Range.
        • Deny
          • Sign-in is not allowed from IPs in this Range.
You must login to post a comment.