Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Disable SYRACOM Secure Login for internal networks

A
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 6, 2016

About Confuence 5.9:

How can I disable the SYRACOM 2-factor auth for specific networks / subnets?

Is there a whitelist we can update to add our internal networks to enforce 2-factor auth only if access occurs from external networks?

Thanks
-AM-

2 answers

0 votes
Norman Mähler November 11, 2019

Hey, i tried that in serveral ways, but it did not work. I tried the following possibilities:

- 172.16.0.0 /12

- 172.18.*.*,172.19.*.*,172.20.*.*,172.21.*.*

- 172.16-32.*.*

 

What did I miss?

Niek Neuij
Contributor
November 11, 2019

Here's an example of what I did:

syracom.png

With our public IP addresses blurred out of course.

Like Norman Mähler likes this
Norman Mähler November 11, 2019

Thank you Niek,

I have the same configuration (without the public addresses, of course) but still am asked for a PIN when coming from 172.18.21.144 but not from 172.16.22.167.

Do you have an explanation?

Niek Neuij
Contributor
November 11, 2019

The format is

172.16.0.0/12

Not

172.16.0.0 /12
Norman Mähler November 11, 2019

Thank you again for the fast reply, but that is exactly how i configured it, I posted it just wrong in my first answer, sorry

Bildschirmfoto vom 2019-11-11 12-45-40.png

Norman Mähler November 19, 2019

Any additional suggestions?

Niek Neuij
Contributor
November 19, 2019

Look at the "User sessions" page in Jira admin panel. Which IP addresses are being used by users?

The first IP address mentioned is the one Syracom uses to identify which IP address belongs to which user.

Here's what our looks like (with the IP addresses of our SSL proxies, external IP addresses, and users blurred out):

afbeelding.png

Because our whitelist filter is

172.16.0.0/12,194.█.█.█/22,185.█.█.█/22

only the user with the IP address "3.█.█.█" will get to see the Syracom 2FA.

Like Norman Mähler likes this
Norman Mähler November 26, 2019

Thank you, this information was very helpful, we could find the source of our problems lying in our network configuration so I ended up with an other IP on the server than my system has in the network.

0 votes
Niek Neuij
Contributor
February 20, 2017

Yes, you can whitelist subnet(s) in the add-on's options panel, devices in those subnets bypass the add-on.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events