Restrict Account Access
In addition to Single Sign-On (SSO) and 2FA access control, you can configure a list of IP addresses as an added layer of security. This means that for your users to get access to the Infinity Portal, the administrator must add their IP address to an IP access list. The Infinity Portal automatically blocks attempts to enter the portal from an IP address that is not on the Restrict Account Access list.
| Item | Description |
|---|---|
| 1 | User logs in with their IP address. |
| 2 | The Infinity Portal makes sure that the IP address is on the Restrict Account Access list. |
| 3 | The user gets access to the portal. |
Prerequisite:
To add IP addresses to the list, you must be an Administrator.
Configuring IP Access List
Follow these guidelines to configure the IP Access List:
- Add the public IP addresses of the network or device from which users access the Infinity Portal account.
- Add all public IPs that are part of the routing to the Infinity Portal to the allowlist.
- When users are working from home without a VPN, preserve the client's Internet Service Provider public IP (ensure that the original public IP address assigned by the client's ISP is retained or visible) and add it to the allowlist.
- For VPN users with a proxy, add the public IP address of the VPN gateway NAT to the allowlist. Ensure all users accessing the account through the VPN use the same gateway or a known set of gateways.
In general, add only public IP addresses to the allowlist, not private or internal IPs. These are the IP addresses that are visible to external services. Find them with online tools like "What is my IP" or consult with your network administrator.
To define a list of IP addresses or IP range (CIDR):
1. From the main menu, select > Identity & Access.
2. Below Restrict Account Access, select the check box and click Define access list.
3. In the Restrict Account Access window, below IP Address / CIDR, enter a public IP address or a range of public IP addresses (CIDR). For example, xx.xx.xxx.x or xx.xx.xxx.0/32. To add more IP addresses, click the plus icon.
   Caution - Before you complete step 4, each user that is logged in to the account with an IP address that does not appear on the list is immediately logged out of the Infinity Portal.
4. To save, click Apply.
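A pre-flight check to run before clicking Apply, given here as an added example that is not Check Point code: it rejects malformed or non-public entries, per the guidelines above, and reports which signed-in users the list would not cover. The entry list and the user-to-IP map are constructed sample data, and how you collect the users' current public IPs is left as an assumption.

```python
import ipaddress

# Constructed sample input, not taken from the page.
CANDIDATE_ENTRIES = ["1.2.3.4", "5.6.7.0/24", "192.168.1.0/24",
                     "10.0.0.5", "5.6.7.8/24", "not-an-ip"]
# Hypothetical map of signed-in users to the public IP they connect from.
ACTIVE_SESSIONS = {"alice": "1.2.3.4", "bob": "5.6.7.200", "carol": "1.2.4.9"}


def check_entries(entries):
    """Split candidate entries into usable networks and rejected entries."""
    networks, problems = [], []
    for raw in entries:
        try:
            # strict=True rejects a CIDR whose host bits are set (5.6.7.8/24),
            # which is usually a typo for either a /32 or the network address.
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            problems.append((raw, f"invalid address or CIDR: {exc}"))
            continue
        if not net.is_global:
            # RFC 1918, loopback, link-local, CGNAT and similar ranges are
            # never what an external service sees as the client's source IP.
            problems.append((raw, "private or internal range, not a public IP"))
            continue
        networks.append(net)
    return networks, problems


def locked_out(networks, sessions):
    """Return the sessions whose source IP no entry on the list covers."""
    return {user: ip for user, ip in sessions.items()
            if not any(ipaddress.ip_address(ip) in net for net in networks)}


if __name__ == "__main__":
    nets, probs = check_entries(CANDIDATE_ENTRIES)
    for raw, reason in probs:
        print(f"reject {raw}: {reason}")
    print("allowlist:", ", ".join(str(n) for n in nets))
    for user, ip in locked_out(nets, ACTIVE_SESSIONS).items():
        print(f"{user} ({ip}) would be logged out on Apply")
```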