2FA settings to whitelist specific IP addresses

Comments

  • Ian Butteriss
    Product Support

    Hi Ioan, thank you for your enhancement request. Can you clarify something?

    If a certain IP address is whitelisted for 2FA, but a user who normally logs in from that IP has to log in from another IP, would the expectation be that they would be required to set up 2FA at that point?

    Also, what would you want to see happen if that user then goes back and logs in from the whitelisted IP? At the moment setting up 2FA on a user account is 'permanent' until Disabled by the Cerberus admin or, if permitted, by the user.

    Thanks!

    Ian - Cerberus Technical Support

    0
  • Robert Gneist

    hi!

    although i see some 'risks' in this feature (e.g. explaining the user why he has to use 2fa in some cases, but not in others) we also have an actual use-case for this feature-request

    to answer your question to the OP from my side (and i'm not connected to the OP, so his opinion might differ)
    2fa whitelisted IP -> login -> no 2fa request
    'other' ip -> login -> 2fa-challenge or setting up 2fa for this user, IF the admin enabled it for this particular user
    should the user then login from a whitelisted ip again, there should be no 2fa challenge

    think of it this way: NO 2fa if the user connects from within the corporate network, as soon as a login with this user comes outside the corporate network which is whitelisted, the user is presented a 2fa challenge

    i would also prefer not to automagically enable users to 2fa 'without' knowing of an admin
    although, maybe that could be a general option somewhere as well as some people might prefer to have less administrative work to do?

    and once 2fa is enabled and configured for a user, that should be permanent until disabled by an admin imho
    i would prefer not to allow a user to disable 2fa himself in our environment, but again, opinions might differ ;)

    thanks
    rob

    0
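
The behaviour requested in the comment above, written out as an added Python example; it is not part of the thread and not Cerberus code. The network ranges, the `User` fields and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample allowlist (assumption): one IPv4 and one IPv6 corporate range.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "2001:db8:10::/48")]


@dataclass
class User:
    name: str
    admin_enabled_2fa: bool  # the admin has turned 2FA on for this user
    enrolled: bool = False   # the user has completed 2FA setup


def is_trusted(source_ip: str) -> bool:
    """True if the source address lies inside an allowlisted network.

    source_ip should be the TCP peer address taken from the socket,
    not a value the client can supply itself.
    """
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparsable address is never trusted
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; compare the IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in TRUSTED_NETWORKS)


def second_factor_action(user: User, source_ip: str) -> str:
    """Return 'skip', 'challenge' or 'enroll' for a login whose password already verified."""
    if not user.admin_enabled_2fa:
        return "skip"  # nobody is opted in without the admin knowing
    if is_trusted(source_ip):
        return "skip"  # enrolment stays in place, it is only not asked for here
    return "challenge" if user.enrolled else "enroll"
```

The function never changes `enrolled`, so a user who set up 2FA from outside and later logs in from the allowlisted network keeps that enrolment, as both comments ask.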