Intended to minimize the risk of unauthorized access, Login Locations are based on IP Addresses.
When set up incorrectly, it can prevent your entire organization from accessing your data. We highly recommended that only the person responsible for IT infrastructure manage location-based security if you need to use it.
The User option "Login from anywhere" overrides a user being included in a Login Location restriction. For example, if a User named 'Buddy' is added to a Login Location called 'Office Only', and Buddy's User account has Login from anywhere checked, Buddy can still log in from anywhere, regardless of being included in the Login Location list. Edit the User Buddy and uncheck Login from anywhere.
Considerations before setting up Login Locations:
- If your office does not have a static IP address, meaning it can change, it is very dangerous and unwise to use location-based security.
- If a location of 'Office Only' is defined and properly implemented, only users who log in from your office network will be allowed access. Mobile devices, home access, coffee shop access will all be denied, UNLESS a VPN (virtual private network) is set up so remote users can securely connect to the office network, then connect to Moraware.
- Identify which users should be restricted to a specific IP address or range of IP addresses.
- Login Location is driven off of IP addresses ranges.
- Users must be selected for Login Location rules to apply - an empty list of Users means NO users fall under the location restrictions.
- Go to Settings > System > Login Locations and click +Create at the top of the page.
- Name the location and click the Multiple icon to select the Users restricted to this Login Location rule.
- Enter a single IP address or a range and Save.
- Go to Settings > Users & Roles > Users
- For each User on the list of restricted Login Locations, confirm restrictions are in effect by inspecting the Login From column in the User list.