Restrict the IP addresses permitted to log in to Creatio
Access restrictions to specific IP addresses for some Creatio users can be a part of your company's privacy policies for working with sensitive content. You can apply these restrictions to individual users or user roles. For example, you can restrict your financial department to IP addresses you use in your local network. This way these employees will be able to login to Creatio only from the office.
The restriction setup procedure consists of multiple steps:
- Set up IP address restrictions in configuration files. Read more >>>
- Set up restrictions for users or roles. Read more >>>
- Set up operations permissions. Read more >>>
Set up IP addresses restrictions in configuration files
Take this step only if you use Creatio on-site. If you use Creatio in the cloud, contact the support team (support@creatio.com
) so that they make the needed changes.
Set the useIPRestriction
parameter to true
in web.config files of your Creatio instance.
Set up restrictions for users
-
Click → Organizational roles.
-
Select the corresponding organization and/or division in the list of organizational roles. This brings up the selected role page to the right.
-
Open Access rules tab.
-
Click on the Range of allowed IP addresses detail and fill out the Start IP address and End IP address fields.
-
Repeat step 4 for all the needed IP addresses.
noteTo set up restrictions for a specific user take the same step on the Access rules tab of the user page.
-
Add IP address restrictions for manager role (optional). To do this click on the Range of allowed IP addresses for managers detail and fill out the Start IP address and End IP address fields.
Set up operation permissions
- Click → System Designer → Operation permissions
- Apply the "Name = Ignore access check by IP address" (or "Code = SuppressIPRestriction") filter. Click the operation name to open the operation.
- Click and specify the necessary user/role on the Operation permission detail. For example the "Finance" organizational role. The user/role will show up on the Operation permission detail with the "NO" value in the "Access level" column.
As a result, employees that have the "Finance" role will not be able to log in to Creatio outside of the permitted range of IP addresses.