
Restricting IdentityNow Access

IdentityNow allows you to specify which locations users can sign in from. For example, you may want to restrict access to users signing in from IP addresses on your network, or to users signing in from trusted countries.

You can control these types of access by defining:

  • IP address blocks in your network to prevent access from off-network IP addresses
  • Block Lists, which, when applied to identity profiles, block access for identities from the listed countries
  • Allow Lists, which automatically enable access for all users from the listed countries

Important

You can create either a Block List or an Allow List - not both. Determine your org's access needs before creating one of these lists.

Restricting Access Based on Network

Define your network by adding its IP address blocks. Enter this information using Classless Inter-Domain Routing (CIDR) notation. After defining your network, you can configure IdentityNow to restrict access to only those users on your network. Users connecting from off-network IP addresses will be unable to log in to IdentityNow or change their passwords.

To set up and apply access restrictions based on network:

  1. From the Admin interface, go to Global > System Settings > Network Settings.

  2. Under Network Settings, go to Network Definition, type the range of IP addresses using CIDR notation, and click Add. Repeat this step until you've identified and added all the IP address blocks that should be able to access IdentityNow.

    Note

    To remove an IP address block, click the Delete icon next to it.

  3. Click Save to apply and save your changes.

  4. Go to Identities > Identity Profiles.

  5. Select the identity profile you want to edit.

  6. Scroll down to Block Access From and select Off Network to restrict access from outside your network.

  7. Scroll to the bottom of the page and select Save to apply and save your changes.
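
Because selecting Off Network blocks every address outside the blocks you defined, it is worth checking the list before saving it. The following is an added example, not part of the original page or of SailPoint's tooling: the function name and sample addresses are hypothetical, and it assumes standard CIDR membership semantics. It flags malformed or redundant blocks and reports addresses that must keep access but fall outside every block.

```python
import ipaddress

def review_network_definition(cidr_entries, must_allow=()):
    """Check CIDR blocks before typing them into Network Definition (hypothetical helper)."""
    networks, problems = [], []
    for entry in cidr_entries:
        try:
            # strict=True rejects host bits, e.g. 192.0.2.10/24 instead of 192.0.2.0/24
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: invalid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            problems.append(f"{entry}: matches every address, nothing would be off network")
        if net not in networks:
            networks.append(net)
    # A block already covered by a wider one is redundant and worth questioning.
    for a in networks:
        for b in networks:
            if a != b and a.version == b.version and a.subnet_of(b):
                problems.append(f"{a}: already covered by {b}")
    # Addresses that must keep access (admin workstation, VPN egress) but match no block.
    off_network = [addr for addr in must_allow
                   if not any(ipaddress.ip_address(addr) in n for n in networks)]
    return {"blocks": [str(n) for n in networks],
            "problems": problems, "off_network": off_network}

# Constructed sample input using documentation address ranges (RFC 5737).
SAMPLE_BLOCKS = ["203.0.113.0/24", "198.51.100.0/25", "198.51.100.64/26", "192.0.2.10/24"]
SAMPLE_MUST_ALLOW = ["203.0.113.45", "198.51.100.200"]

if __name__ == "__main__":
    report = review_network_definition(SAMPLE_BLOCKS, SAMPLE_MUST_ALLOW)
    print("Blocks to enter:", ", ".join(report["blocks"]))
    for problem in report["problems"]:
        print("Problem:", problem)
    for addr in report["off_network"]:
        print("Would be blocked as off network:", addr)
```
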

Restricting Access Based on Country

Create a Block List to define countries that your organization considers untrusted. Then apply the Block List to one or more identity profiles to prevent profile members with IP addresses from those untrusted countries from logging in to IdentityNow or changing their passwords.

To restrict access based on country:

  1. From the Admin interface, go to Global > System Settings > Network Settings.

  2. Under Trusted Countries, select Block List.

  3. Type the name of a country in the field. Click Add to enter another country. Repeat these steps until you've identified and added all the countries you need to keep from accessing IdentityNow.

    Note

    To remove a country from the Block List, click the Delete icon next to the country.

  4. Click Save to apply and save your changes.

  5. Go to Identities > Identity Profiles.

  6. Select the identity profile you want to edit.

  7. Scroll down to Block Access From and select Untrusted Geographies to prevent access from the countries in your Block List.

  8. Scroll to the bottom of the page and select Save to apply and save your changes.

Allowing Access Based on Country

Create an Allow List to define trusted countries. Users from trusted countries can sign in to IdentityNow and change their passwords. IdentityNow considers countries not on this list to be untrusted.

To allow access based on country:

  1. From the Admin interface, go to Global > System Settings > Network Settings.

  2. Under Trusted Countries, select Allow List.

  3. Type the name of a country in the field. Click Add to enter another country. Repeat these steps until you've identified and added all the countries you consider trusted.

    Note

    To remove a country from the Allow List, click the Delete icon next to the country.

  4. Click Save to apply and save your changes.