About Confuence 5.9:
How can I disable the SYRACOM 2-factor auth for specific networks / subnets?
Is there a whitelist we can update to add our internal networks to enforce 2-factor auth only if access occurs from external networks?
Thanks
-AM-
Hey, i tried that in serveral ways, but it did not work. I tried the following possibilities:
- 172.16.0.0 /12
- 172.18.*.*,172.19.*.*,172.20.*.*,172.21.*.*
- 172.16-32.*.*
What did I miss?
Here's an example of what I did:
With our public IP addresses blurred out of course.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Niek,
I have the same configuration (without the public addresses, of course) but still am asked for a PIN when coming from 172.18.21.144 but not from 172.16.22.167.
Do you have an explanation?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you again for the fast reply, but that is exactly how i configured it, I posted it just wrong in my first answer, sorry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Look at the "User sessions" page in Jira admin panel. Which IP addresses are being used by users?
The first IP address mentioned is the one Syracom uses to identify which IP address belongs to which user.
Here's what our looks like (with the IP addresses of our SSL proxies, external IP addresses, and users blurred out):
Because our whitelist filter is
172.16.0.0/12,194.█.█.█/22,185.█.█.█/22
only the user with the IP address "3.█.█.█" will get to see the Syracom 2FA.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you, this information was very helpful, we could find the source of our problems lying in our network configuration so I ended up with an other IP on the server than my system has in the network.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, you can whitelist subnet(s) in the add-on's options panel, devices in those subnets bypass the add-on.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.