Sunday, September 16, 2018

Employee IP Address Restriction is Not Enforced


SCENARIO

  • IP Address Rules feature is enabled in the account (Setup > Company > Enable Features > Company tab > Access section)
  • Allowed IP Addresses are defined in the Company Information page (Setup > Company > Company Information)
  • Allowed IP Addresses are also defined in the users' employee records (Access tab)
  • Administrator is still able to see disallowed IP addresses in Login Audit Trail Search


To set up the Login Audit Trail Search:

1. Navigate to Setup > Users/Roles > View Login Audit Trail.

2. Enter search criteria as needed.

3. Click Create Saved Search.

4. Under the Results tab, add report columns as desired.

5. Edit the Search Title and click Save & Run.

Sample Results:

       3/10/2009 3:40 pm  Administrator 172.18.1.54

       3/10/2009 4:38 pm  Custom Role A 172.18.1.54

       3/10/2009 7:04 pm  Administrator 172.18.1.55

       3/10/2009 7:05 pm  Custom Role B 100.0.0.00 --> this is the invalid IP

       3/10/2009 7:49 pm  Administrator 172.18.1.56


RESOLUTION


To ensure all users log in using only the allowed IP Addresses, each assigned role must be restricted by IP Address.

1. Navigate to Setup > Users/Roles > Manage Roles.

2. Edit the custom role that logged in from the disallowed IP address.

3. Mark the Restrict this Role by IP Address checkbox.

4. Click Save.
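
To find which roles still need this checkbox, the Login Audit Trail results can be compared against the allowed list. The Python script below is an added example, not part of the original post or of NetSuite; the CSV layout, the column names and the 172.18.1.0/24 allowed range are assumptions, and the rows are the sample results above retyped as CSV.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the allowed range entered in Company Information (constructed value).
ALLOWED = [ipaddress.ip_network("172.18.1.0/24")]

# The sample results from this page, laid out as CSV (column names are assumed).
SAMPLE_CSV = """Date,Role,IP Address
3/10/2009 3:40 pm,Administrator,172.18.1.54
3/10/2009 4:38 pm,Custom Role A,172.18.1.54
3/10/2009 7:04 pm,Administrator,172.18.1.55
3/10/2009 7:05 pm,Custom Role B,100.0.0.00
3/10/2009 7:49 pm,Administrator,172.18.1.56
"""


def is_allowed(raw_ip, allowed=ALLOWED):
    """Return True only if raw_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        # An unparsable value cannot match any allow rule, so it is flagged.
        return False
    return any(addr in net for net in allowed)


def roles_to_restrict(csv_text, allowed=ALLOWED):
    """Map each role to the logins it made from outside the allowed list."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_allowed(row["IP Address"], allowed):
            findings[row["Role"]].append((row["Date"], row["IP Address"]))
    return dict(findings)


if __name__ == "__main__":
    for role, hits in roles_to_restrict(SAMPLE_CSV).items():
        print(f"{role}: mark 'Restrict this Role by IP Address'")
        for when, ip in hits:
            print(f"  {when}  {ip}")
```

Each role the script reports is a candidate for steps 2 to 4 above.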


Note: The Restrict this Role by IP Address setting is disabled for all roles created in the account prior to enabling the IP Address Rules feature. For standard roles, including Administrator, the setting is enabled automatically as soon as the feature is enabled.
