Restricting IdentityNow Access
IdentityNow allows you to restrict the sign-in locations permitted for users in each defined identity profile. You can configure restrictions based on:
- IP address blocks that define your network to prevent access from off-network IP addresses.
- A Block List to prevent user access from specified countries.
- An Allow List to permit user access only from specified countries.
To apply these restrictions you must:
- Define the restrictions as global configurations.
- Choose which of those restrictions to apply to each identity profile.
Important
These restrictions do not apply when you use single sign-on to authenticate users to IdentityNow.
Specifying Network IP Restrictions
To set up access restrictions based on network, define your network by adding the IP address blocks of your network.
- From the Admin interface, go to Global > System Settings > Network Settings.
- Under Network Definition, specify a range of IP addresses using Classless Inter-Domain Routing (CIDR) notation.
- To add more IP addresses, select Add and enter another range. Repeat until you've added all the IP address ranges you want to allow to access IdentityNow.
  Note
  To remove an IP address block, select the Delete icon next to it.
- Select Save.
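The following pre-check is an added example, not part of the SailPoint documentation or product: it reviews a planned list of CIDR blocks before you enter them under Network Definition, flagging invalid entries, host bits, overlaps, and RFC 1918 ranges. The sample blocks are constructed from documentation address ranges and the function names are hypothetical; the RFC 1918 warning assumes IdentityNow sees your public egress addresses rather than internal ones.

```python
import ipaddress

# Constructed sample list (RFC 5737 documentation ranges), not real networks.
PLANNED_BLOCKS = ["203.0.113.0/24", "203.0.113.128/25", "198.51.100.17/28",
                  "10.0.0.0/8", "not-a-cidr"]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_blocks(blocks):
    """Return (merged_networks, findings) for a planned Network Definition."""
    networks, findings = [], []
    for raw in blocks:
        try:
            iface = ipaddress.ip_interface(raw.strip())
        except ValueError:
            findings.append((raw, "not valid CIDR notation"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            findings.append((raw, f"host bits set; enclosing block is {net}"))
        # Assumption: a cloud service sees public egress IPs, not internal ones.
        if net.version == 4 and any(net.overlaps(p) for p in RFC1918):
            findings.append((raw, "RFC 1918 range; list public egress IPs"))
        if net.prefixlen == 0:
            findings.append((raw, "matches every address"))
        for seen in networks:
            if seen.version == net.version and seen.overlaps(net):
                findings.append((raw, f"overlaps {seen}"))
        networks.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses(
            n for n in networks if n.version == version)
    return merged, findings

def is_on_network(ip, networks):
    """True if ip falls inside any block, i.e. would count as on-network."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    merged, findings = review_blocks(PLANNED_BLOCKS)
    for raw, problem in findings:
        print(f"{raw}: {problem}")
    print("effective blocks:", ", ".join(str(n) for n in merged))
    print("203.0.113.200 on network:", is_on_network("203.0.113.200", merged))
```

Running the check against the egress addresses of a few known sites before selecting Off Network on an identity profile shows whether any legitimate users would be locked out.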
Specifying a Block List or Allow List
To restrict user access by country, define the permissible set of countries through either a block list or an allow list.
- From the Admin interface, go to Global > System Settings > Network Settings.
- Under Trusted Countries, select either Block List or Allow List.
  - A block list defines countries that your organization considers untrusted so IdentityNow can prevent sign-in from IP addresses associated with them.
  - An allow list defines countries that your organization considers trusted so IdentityNow can allow sign-in only from IP addresses associated with them.
- Begin typing the name of a country in the field and select it from the list. Select Add to enter another country. Repeat until you've added all the countries you need.
  Note
  To remove a country from the list, select the Delete icon next to the country.
- Select Save.
Applying Restrictions to Users per Identity Profile
Access restrictions must be applied to each identity profile to constrain those users' access to IdentityNow.
- Go to Identities > Identity Profiles.
- Select the identity profile you want to edit.
- Under Block Access From, choose which restrictions to apply to those users.
  - Select Off Network to prevent them from accessing IdentityNow from outside your defined network.
  - Select Untrusted Geographies to prevent access from the countries in your block list or to allow access only from the countries in your allow list.
- Scroll to the bottom of the page and select Save.