Security IP Address Whitelist IP Address Whitelist viewAdministration Security IP Address Whitelist IP Address Whitelist view
The IP Address Whitelist view enables you to maintain IP address restrictions for your site. This security feature enables you to restrict the IP addresses from which a user can log in to N4.
Prerequisites
You must have the IP Address Whitelist (NODE_IP_WHITELIST) privilege (on page 1) to access the IP Address Whitelist view.
In the IP Address Whitelist view, you can add a range of IP addresses and associate them with a user role. If a user tries to login from an IP address that is not within the ranges specified for any of the roles assigned to the user, those roles and included privileges are removed from the user account at the time of the login. N4 displays a message informing the user about the changes to their roles and privileges.
N4 has two special user accounts, admin and navis that are considered as super administrators. These accounts do not have any specific roles assigned and inherit all roles and privileges defined in the system. If these accounts do not meet any of the criteria listed in the IP Address Whitelist view, N4 prevents them from logging in and displays an appropriate error message. To create a separate whitelist for the super administrators, select the Super Administrator role from the User Role drop-down list in the IP Whitelist form (on page 1).
There are some instances when the IP address whitelist does not restrict access:
IP address whitelists restrict only the users logging in to N4 and N4 CAP interfaces. It does not restrict the access for the web services, such as the EDI and REST Web Services.
Users logging into N4 from localhost (from the same machine where the N4 application server is running) are always allowed to login and bypass the IP address whitelist restrictions. This ensures that someone may not accidentally lock out all users from the system.
Be aware that proxies, routers, and firewalls may translate or hide the original IP addresses of the incoming requests. This translation must be taken into account when constructing the IP address whitelist. For example, it will restrict the IP address from the proxy or load balancer instead of the originating host. Consult with your IT department for details related to any IP address translation scenarios.
|
Short Label |
Long Label |
In Filter? |
Sorting? |
|---|---|---|---|
|
IP Address Whitelist Range |
IP Address Whitelist Range |
X |
X |
|
Role Name |
User Role Name |
X |
X |