Most businesses allow their users to access their Creatio site from anywhere, but some organizations need a more secure site that can only be accessed from their office (or via VPN) by some or all of their users. In this scenario, you can use the Creatio IP Address Restriction features to limit which IP Addresses can be used to access Creatio.
Start by identifying which users should not have restricted IP address rules applied. By default, this is setup for users with System Administrator role. If you want other users to be excluded from the restriction (or if you want System Administrators to be restricted as well), go to Operation Permissions > Ignore access check by IP Address and add/remove the necessary Users and Roles that should NOT have the IP Address restrictions applied.
Next, for all of your other users, you need to setup the range of IP Addresses that are allowed. Typically this is done at the Role level, but you can also setup specific IP ranges for individual users if needed. In the Role (Organizational or Functional) and/or User record, go to the Access Rules tab and add one or more IP Address ranges. To allow a single IP Address, enter the same IP Address value for both the Start and End columns. To allow a range of consecutive IP Addresses, enter the lower value in the Start and the higher value in the End, such as 188.8.131.52 to 184.108.40.206. You can set this up for the ‘All Employees’ role to apply the same values for all users, or you can set it up for individual roles as needed.
Finally, once you have the settings already inside Creatio,
you’ll need to update a Web.Config setting to enable the IP Address
restrictions. If you are hosted by Creatio (your url ends with creatio.com),
contact Creatio Support and ask them to enable this for you. If you are hosted
elsewhere, your server administrator will need to update the useIPRestriction parameter
to true in your web.config file.
Once the web.config setting is enabled, IP Address Restrictions will start being applied according to the permissions you’ve setup. If a user tries to login from a non-allowed IP Address, they will receive an error message indicating that access is denied.