Configuring IP Address Restrictions and Basic Authentication

You can configure IP address restrictions and Basic authentication in the kintone Store and Users & System Administration at no additional charge.
 
IP address restrictions limit access to services by IP address. 
 
Basic authentication authenticates users who access the services from the restricted IP addresses and provides a double authentication:
  1. First, Basic authentication requires a valid user name and password to access the login page.
  2. Then in the login page, it requires a login name and password for the user.
For added security benefits, you can configure Basic authentication along with IP address restrictions.

Sample settings:

To enhance security with simple settings:
Settings: 
  • IP address restrictions: Select Deny all.              
  • Basic authentication: Enter a user name and password.

 Implications:

  • A user name and password for Basic authentication as well as a login name and password are required.
  • Only the user who knows the user name and password for Basic authentication can access the login page.

To deny access from public networks:
 
Settings:
  • IP address restrictions: Select Allow specific IP addresses and enter all the global IP addresses assigned to your company.
  • Basic authentication: not set.
Implications:
  • Users can access services only from the office network.
  • Configure these settings when not allowing access from public networks by mobile devices such as smartphones.
To allow access from public networks:
Settings:
  • IP address restrictions: Select Allow specific IP addresses and enter all the global IP addresses assigned to your company.
  • Basic authentication: Enter a user name and password.

Implications:

  • For access from public networks, a user name and password for Basic authentication as well as a login name and password are required.
  • Configure these settings to allow mobile device access to the services.
  • To more enhance security for access from public networks, we recommend that you use "Client Certificate Authentication" available at an additional charge.
The results of the combination of IP address restrictions and Basic authentication:
IP address restrictions Basic authentication configured? Result Tip
Allow all  No Allow access from all IP addresses.  
Allow all
 Yes
Unavailable Basic authentication is available only when IP address restrictions are enabled.
Deny all  No Deny access from all IP addresses.  
Deny all
 Yes 
The user name and password for Basic authentication is required for access from all IP addresses.  
Allow specific IP addresses
(When allowing access from IP address 203.0.113.24)
 No  Access only from IP address 203.0.113.24 is allowed.  
Allow specific IP addresses
(When allowing access from IP address 203.0.113.24)
 Yes 
Except for access from IP address 203.0.113.24, the user name and password for Basic authentication are required. Basic authentication is disabled for access from IP address 203.0.113.24.

To configure IP address restrictions and Basic authentication in the Access Control page:
  1. Navigate to the Access Control page by clicking the gear wheel gear_wheel.PNG, selecting Users & System Administration, and clicking Access Control under Security
  2. Click Configure Now.
  3. Click Change displayed to the right of IP Address Restrictions, and then select the desired option.
    When you select Allow specific IP addresses, enter all the office network IP addresses. You can add or edit IP addresses later.
  4. Click Save.
  5. To configure the Basic authentication settings, click Change displayed to the right of Basic Authentication. (This will become available when IP restrictions are enabled.)
  6. Enter the user name and password for Basic authentication and click Save.

To configure IP address restrictions and Basic authentication in kintone Store:
  1. Log in to kintone Store with the kintone Store account.
  2. Click Domains and then click the Security & Authentication tab.
  3. Click Change displayed to the right of IP Address Restrictions, and then select the desired option.
    When you select Allow specific IP addresses, enter all the office network IP addresses. You can add or edit IP addresses later.
  4. Click Save.
  5. To configure the Basic authentication settings, click Change displayed to the right of Basic Authentication. Enter the user name and password for Basic authentication and click Save.
  6. You can set up Basic authentication together with IP address restrictions. 
    • To specify a range of IP addresses, for example from 210.128.234.192 to 210.128.234.255, use the CIDR notation.
    • When the number of the IP addresses to be specified is small, leave the CIDR field blank and enter one IP address per field.

Note: An e-mail is sent to the e-mail address of the kintone Store account each time the domain security setting is changed.

To further enhance security, we recommend that you configure password policy.
For details on how to configure password policy, see the following topic:

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.