Restrict Account Access
In addition to Single Sign-On (SSO) and Two-Factor Authentication access control, you can configure a list of IP addresses as an added layer of security. This means that for your users to get access to the Infinity Portal, the administrator must add their IP address to an IP access list. The Infinity Portal automatically blocks attempts to enter the portal from an IP address that is not on the IP Access List.
Item | Description |
---|---|
1 | User logs in with their IP address. |
2 | The Infinity Portal makes sure that the IP address is on the IP Access List. |
3 | The user gets access to the portal. |
Prerequisite:
To add IP addresses to the list, you must be an Administrator.
Configuring IP Access List
Follow these guidelines to configure the IP Access List (allowlist):
- Add the public IP addresses of the network or device from which users access the Infinity Portal account.
- Add all public IP addresses that are part of the routing to the Infinity Portal to the allowlist.
- When users are working from home without a VPN, preserve the client's Internet Service Provider public IP address (make sure that the original public IP address assigned by the client's ISP is retained or visible) and add it to the allowlist.
- For VPN users with a proxy, add the public IP address of the VPN gateway NAT to the allowlist. Make sure all users accessing the account through the VPN use the same gateway or a known set of gateways.
Note - In general, add only public IP addresses to the allowlist, not private or internal IP addresses. Public IP addresses are those visible to external services. Find them with online tools like "What is my IP" or consult with your network administrator.
To define a list of IP addresses or IP range (CIDR):
1. From the main menu, select > Identity & Access.
2. Below Restrict Account Access, select the check box and click Define access list.
3. In the Restrict Account Access window, below IP Address / CIDR, enter a public IP address or a range of public IP addresses (CIDR). For example, xx.xx.xxx.x or xx.xx.xxx.0/32. To add more IP addresses, click the plus icon.
   Caution - Before you complete step 4, each user that is logged in to the account with an IP address that does not appear on the list is immediately logged out of the Infinity Portal.
4. To save, click Apply.
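Because applying the list logs out every user whose address is missing from it, it helps to review the entries offline first. The following is an added example, not Check Point code and not part of the original page: a hypothetical `review_allowlist` helper that applies the guidelines above (public addresses only, valid IP or CIDR) and checks that the source IPs of users who must keep access are covered. It does not contact the Infinity Portal, and the list of non-public ranges is an assumption of this example.

```python
import ipaddress

# Ranges never visible to an external service (RFC 1918, CGNAT, loopback,
# link-local, IPv6 unique-local). Assumption of this example, not exhaustive.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def review_allowlist(entries, must_cover=()):
    """Check proposed IP Access List entries before they are applied.

    entries    -- strings as they would be typed into "IP Address / CIDR"
    must_cover -- public source IPs of users who must keep access
    Returns (accepted_networks, findings).
    """
    accepted, findings = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            findings.append(f"{raw}: not a valid IP address or CIDR")
            continue
        if any(net.overlaps(r) for r in NON_PUBLIC):
            findings.append(f"{raw}: private or internal range, not a public address")
            continue
        # 198.51.100.77/24 really means the whole 198.51.100.0/24 network.
        if ipaddress.ip_interface(text).ip != net.network_address:
            findings.append(f"{raw}: host bits set, entry covers {net}")
        accepted.append(net)
    for ip in must_cover:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in accepted):
            findings.append(f"{ip}: not covered, this user loses portal access")
    return accepted, findings


if __name__ == "__main__":
    # Constructed sample input; 203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for real public addresses.
    proposed = ["203.0.113.10", "198.51.100.77/24", "192.168.1.20",
                "10.8.0.0/16", "office-gw"]
    admins = ["203.0.113.10", "198.51.100.5", "203.0.113.99"]
    nets, notes = review_allowlist(proposed, admins)
    print("would allow:", ", ".join(map(str, nets)))
    for note in notes:
        print("finding:", note)
```

Include the administrator's own current public IP in `must_cover`, so that the person clicking Apply is not among the users logged out.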