User Security

Trying to get an idea of how others are handling user security specifically related to locking down remote access and Multifactor Authentication combined.

Scenario 1 - Want to lock down certain users from accessing the system if they are not onsite. We can accomplish this via “Valid IP Ranges” config setting.

Scenario 2 - Want certain managers/owners to be able to access the system regardless of where they are (and using Multifactor Authentication when not onsite). Can accomplish part of this using “Skip Multifactor Authentication In These IP Ranges” config setting. However, if I am using Valid IP Ranges from scenario 1, then they can’t log in from just any location.

Ideally, would like to have something at the Role or User level that blocks certain users from accessing the system regardless of IP address and Multifactor Authentication. OR would require some approval before providing a multifactor authentication code so we can deny access for certain users in Scenario 1? Does this already exist and we just can’t find the settings?

@robinl That’s a good question. Let us investigate and see if we have a way of making this work for you.

Hey @robinl,

I just heard back on this request. We do not support what you are asking specifically – the closest enforcement we have is based on IP.

The best option would be to register your office IPs and any remote IPs for users that you want to allow remote access using the Valid IP Ranges setting. Then use the Skip MFA setting as an additional security layer, where the remote IPs that are valid do not get skipped, so that they have to use MFA.
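
Added example, not part of the thread and not the vendor's code: a small Python model of how the two settings in the reply above combine, plus a check for skip-MFA ranges that can never take effect. The evaluation order (valid range first, then skip-MFA), the function names, and the IP values (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
VALID_IP_RANGES = ["203.0.113.0/24",     # office
                   "198.51.100.25/32"]   # one manager's registered remote IP
SKIP_MFA_RANGES = ["203.0.113.0/24"]     # office only: remote IPs are not skipped


def _in_any(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


def login_decision(ip, valid=VALID_IP_RANGES, skip_mfa=SKIP_MFA_RANGES):
    """Return 'deny', 'allow' or 'allow_with_mfa' for a source IP.

    The decision depends only on the source IP, as the reply describes.
    Nothing here is per user or per role, so any account connecting from
    a registered remote IP passes the IP check and is gated by MFA alone.
    """
    if not _in_any(ip, valid):
        return "deny"
    if _in_any(ip, skip_mfa):
        return "allow"
    return "allow_with_mfa"


def dead_skip_ranges(valid, skip_mfa):
    """List skip-MFA ranges not contained in any valid range.

    Such entries never apply because the valid-range check rejects the
    login first; they usually point to a typo or a stale entry.
    """
    valid_nets = [ipaddress.ip_network(r) for r in valid]
    dead = []
    for r in skip_mfa:
        net = ipaddress.ip_network(r)
        if not any(net.version == v.version and net.subnet_of(v)
                   for v in valid_nets):
            dead.append(r)
    return dead


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.25", "192.0.2.7"):
        print(ip, login_decision(ip))
    print(dead_skip_ranges(VALID_IP_RANGES, SKIP_MFA_RANGES + ["192.0.2.0/24"]))
```

Under this model, Scenario 1 users are only kept out remotely as long as they cannot connect from one of the registered remote IPs.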