Access restrictions to specific IP addresses for some Creatio users can be a part of your company's privacy policies for working with sensitive content. You can apply these restrictions to individual users or user roles. For example, you can restrict your financial department to IP addresses you use in your local network. This way these employees will be able to login to Creatio only from the office.
The restriction setup procedure consists of multiple steps:
- Set up IP address restrictions in configuration files. Read more >>>
- Set up restrictions for users or roles. Read more >>>
- Set up operations permissions. Read more >>>
Take this step only if you use Creatio on-site. If you use Creatio in the cloud, contact the support team so that they make the needed changes.
Set the useIPRestriction parameter to true in web.config files of your Creatio instance.
Click → Organizational roles.
Select the corresponding organization and/or division in the list of organizational roles. This brings up the selected role page to the right.
- Open Access rules tab.
Click on the Range of allowed IP addresses detail and fill out the Start IP address and End IP address fields.
Repeat step 4 for all the needed IP addresses.
- Add IP address restrictions for manager role (optional). To do this click on the Range of allowed IP addresses for managers detail and fill out the Start IP address and End IP address fields.
Click → System Designer → Operation permissions
Apply the “Name = Ignore access check by IP address” (or “Code = SuppressIPRestriction”) filter. Click the operation name to open the operation.
Click and specify the necessary user/role on the Operation permission detail. For example the “Finance” organizational role. The user/role will show up on the Operation permission detail with the “NO” value in the “Access level” column.
As a result, employees that have the “Finance” role will not be able to log in to Creatio outside of the permitted range of IP addresses.