I want to limit where system Users can log in from (IP banning/blocking), how can I do this?
|Updated: 23 June 2011 14:40:53||OpenCRM::Settings OpenCRM::Settings::Users|
An administrator can activate the Authorised IP checking facility in OpenCRM to make sure users can only log in from specific IP addresses.
From Settings, open Additional Settings and then find the Security settings block shown below,
To activate the feature, tick the 'Limit OpenCRM access to specified IPs' box
You will also need to enter the usernames of one or more users with admin access, these users will need to be available to enter IPs when a user needs access from a currently unauthorised location.
Setting Authorised IPs
To set global access from some IP addresses, for example your own offices, enter these in the Company wide authorised IPs Box
Enter a list of IP addresses that are allowed to access your OpenCRM system. Leave this box blank to only use per User IP addresses, or enter *.*.*.* to allow access from anywhere (this however will have the same effect as turning the feature off).
To set the authorised IPs at a user level, edit the User record in question, at the bottom of the edit screen you will see this box;
As before enter the IPs that this User is allowed access from.
If you tick the Disconnect users sessions if they are on unauthorised IPs box, you need to be sure all allowed IPs are entered, either on the company global list or on the relevant users. If a user is not on a recognised IP their OpenCRM session will be terminated upon their next page load. This includes your own session so when this box is ticked if you are on an unrecognised IP your session will be terminated and you will be unable to re-log in until another administrator has authorised your IP address or turned off the feature.
In the security settings is a box to block access from specific IPs this takes a list just the same as the allow box, only this is a blacklist of IPs, no one will be able to access the system from any of the specified IPs, similar to ticking the box to disconnect users if they're not on authorised IPs, adding an IP to this list will block access to anyone on that IP even if they are already logged in. However instead of just disconnecting their session, they will be redirected to the website page specified in the Redirect Blocked Ips to box.
How It Works
When a user tries to log in to OpenCRM the list of IP addresses that have access for the company is added to the list that is stored against the user that is trying to log in. If you have entered *.*.*.* on either of these lists or both lists are blank then the feature is disabled for this login attempt. If however there are a list of IP addresses, the user's current IP address is checked against this dynamic list, if this finds a match then they are allowed access and their password is checked as normal. If the IP is not on the list then the user is not allowed access and they are returned to the login page displaying an information message.
When a User is blocked because they are accessing from an unauthorised IP address the user will see the message below;
This tells the user the feature is enabled and provides a link to request their current IP be authorised by an administrator. Clicking this link will give the User this screen allowing a message to be sent requesting IP authorisation;
This form allows the user to send a message to the Administrator responsible for authorising IPs, the message sent will automatically include the IP the user is currently using. The message box is there for the user to confirm they are who the message claims them to be, this could be by providing details that can only be found on their user record, or maybe an agreed upon passphrase.
Before being able to submit this form the user needs to enter the code shown, this is just to confirm they are human and not spam robots trying to use the form for mischief.
Disclaimer: All IPs in the screenshots are made up and any systems they do point at have nothing at all to do with OpenCRM.
You may also be interested in:
- How can I find the name of a field (Chrome browser) within OpenCRM? Updated : 27-07-2012 14:19
- How do I use multi-currency / currency fields in PDF Templates? Updated : 08-01-2013 14:48
OpenCRM::Opportunities OpenCRM::Quotes OpenCRM::Orders::Sales Orders OpenCRM::Orders::Purchase Orders OpenCRM::Invoice OpenCRM::Settings OpenCRM::Settings::Templates
- OpenCRM - Change Management Procedure - What you can expect? Updated : 21-05-2012 14:26
- What is the European Union's Data Protection Directive (EUDPD) and does my OpenCRM system meet these guidelines? Updated : 01-05-2012 12:45
Why should I not tick the "Create Google contact folders" option in my Google Sync settings?Updated : 21-05-2012 08:58
OpenCRM::Settings OpenCRM::Settings::Users OpenCRM::Settings::Google Sync
How do I recover deleted items? Is there a Recycle bin?Updated : 17-12-2012 17:30
How do I log into the foreign language (French and German) editions of OpenCRM?Updated : 08-01-2013 14:40
What are Action Plans in OpenCRM and how can I use them to get the most out of my OpenCRM solution? And what are Conditional Action Plans?Updated : 14-05-2012 16:34
OpenCRM::Leads OpenCRM::Emails OpenCRM::Contacts OpenCRM::Activities OpenCRM::Companies OpenCRM::Opportunities OpenCRM::Quotes OpenCRM::Orders::Sales Orders OpenCRM::Orders::Purchase Orders OpenCRM::Invoice OpenCRM::Projects OpenCRM::Helpdesk OpenCRM::Documents OpenCRM::Events OpenCRM::Campaigns OpenCRM::Settings OpenCRM::Settings::Additional
Changing LayoutsUpdated : 21-05-2013 17:32
How do I turn on the Quick Create and Jump To components in the sidebar?Updated : 15-11-2012 13:07
Where has my "New.." menu gone?
OpenCRM::Interface-Display OpenCRM::Settings OpenCRM::Settings::Users