Defining IP Groups
Using IP Groups, you can define sets of IP addresses from which users might try to access your system. You can specify, for example, that users within a given IP group can connect to your systems without needing MFA, while the same users outside that set of addresses must use MFA for authentication or might be blocked entirely. A single IP Group can contain multiple IP address ranges.
For example, you might specify that workers at IP addresses within your Human Resources office could access HR systems freely. To reach those systems from off-site, the HR workers might need Multi-Factor Authentication, while workers from other departments might not be able to access those systems at all.
To work with IP groups, select 8. IP-Groups from the main MFA screen (STRMFA). The Work with IP-Groups screen appears.
    Work with IP-Groups

    Type options, press Enter.
      1=Select   3=Copy   4=Delete
                                        Subset .
    Opt  IP-Group
         IP#ALEX2
         IP#ELI
         IP#ELITST
         IP#EVG
         IP#QSECOFR
         JAV
         RAZLEE
         TT
                                        Bottom
    F3=Exit   F6=Add new   F12=Cancel
The IP-Group column shows the names of existing IP Groups.
To view and modify an IP Group, enter 1 in the Opt column for that group. The Modify IP-Group screen opens.
    Modify IP-Group

    Type information, press Enter.

    IP-Group  IP#ELITST

    Type                     Prfx  1=Inc
    4/6   IP, IPv6, *ALL     Lng   2=Exc  Text
          *ALL                     2
    4     1.1.1.173          32    2
    4     1.1.1.188          32    1
    4     1.1.1.190          32    1
                                          More...
    F3=Exit   F4=Prompt   F12=Cancel
Each line in the body of the screen represents a single IP range. The line with the range *ALL represents all IP addresses not expressly included in the other ranges. The lines include these fields:
4/6
The IP version of the range; 4 for IPv4 and 6 for IPv6.
IP, IPv6, *ALL
The starting address of the address range, or *ALL.
Prfx Lng
The prefix length for the range. Press the F4 key in this field to display the ranges and their explanations, and to select from them.
1=Inc 2=Exc
If "1", the rule refers to all addresses within the range. If "2", the rule refers to all addresses outside the range.
Text
A free-form text description of the address range.
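The range fields described above can be checked offline before a group is used to relax MFA. The following Python sketch is an added example, not part of the product or its documentation; it assumes Prfx Lng follows standard CIDR semantics, and the sample lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed lines modelled on the Modify IP-Group screen:
# (IP version, start address, prefix length, 1=Inc / 2=Exc, text)
SAMPLE_LINES = [
    (4, "1.1.1.173", 32, 2, "constructed: single host"),
    (4, "1.1.1.188", 32, 1, "constructed: single host"),
    (4, "10.20.30.40", 16, 1, "constructed: host bits set in start address"),
    (6, "2001:db8::", 32, 1, "constructed: IPv6 documentation prefix"),
]


def covered(version, start, prefix):
    """Network covered by a line, assuming CIDR semantics for Prfx Lng."""
    net = ipaddress.ip_network(f"{start}/{prefix}", strict=False)
    if net.version != version:
        raise ValueError(f"{start} does not match IP version {version}")
    return net


def line_refers_to(line, address):
    """Per the page: 1 = addresses inside the range, 2 = addresses outside."""
    version, start, prefix, inc_exc, _text = line
    inside = ipaddress.ip_address(address) in covered(version, start, prefix)
    return inside if inc_exc == 1 else not inside


def falls_under_all(lines, address):
    """*ALL: the address is inside none of the explicitly listed ranges."""
    ip = ipaddress.ip_address(address)
    return not any(ip in covered(v, s, p) for v, s, p, _f, _t in lines)


def review(lines):
    """Flag lines whose real extent differs from what the entry suggests."""
    findings = []
    for version, start, prefix, _flag, _text in lines:
        net = covered(version, start, prefix)
        if ipaddress.ip_address(start) != net.network_address:
            findings.append(
                f"{start}/{prefix} covers {net[0]} to {net[-1]} "
                f"({net.num_addresses} addresses), not only from {start}"
            )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LINES):
        print(finding)
    print(falls_under_all(SAMPLE_LINES, "192.0.2.10"))
```

A prefix length of 32 on an IPv4 line covers exactly one address, while a shorter prefix widens the set of addresses the line applies to, so the review output is worth reading before the group is attached to any rule that waives MFA.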
To copy an IP-Group, enter 3 in the Opt field for that group on the Work with IP-Groups screen. The Copy IP-Group screen opens.
    Copy IP-Group

    From IP-Group . . . . . .  IP#ELITST

    To copy, enter new IP-Group, press Enter.

    To IP-Group . . . . . . .  IP#ELITST    Name

    F3=Exit   F12=Cancel
Enter the name of the new IP Group in the To IP-Group field. The new IP Group will be created, including all the settings of the original group.
To delete an IP-Group, enter 4 in the Opt field for that group on the Work with IP-Groups screen. The Delete IP-Group screen opens.
    Delete IP-Groups

    Press Enter to confirm delete.
    Press F12 to cancel and return without deleting.

    IP-Group
    IP#ELITST
                                        Bottom
    F3=Exit   F12=Cancel
Press Enter to confirm the deletion or F12 to cancel it.