Iraje 2 Factor IP Whitelisting manual version 8
This document is the user manual for Two-Factor IP Whitelisting. It explains the two-factor IP whitelisting feature provided by Iraje PAM and how to use it.
The 2 Factor Whitelisting feature lets us whitelist an IP range for OTP. Once the 2 Factor Whitelisting option is enabled, we can allow some devices to log in to Iraje PAM without entering the OTP.
Admins Using Iraje PAM
Whitelisting starts from the perspective that nearly everything is bad. If that is true, it ought to be more efficient just to define “good entities” and allow only those into the network. A simple example would be “all employees in the finance department that are director level or higher are allowed to access our financial reporting application on server X”. By extension, everyone else is locked out.
Whitelisting is often referred to as a “zero trust” approach – deny all, and allow only selected entities access based on a set of ‘good’ properties associated with user and device identity, behaviour, location, time, etc.
Whitelisting is widely accepted for high-risk security environments, where stringent rules take precedence over user freedom. It is also highly valued in environments where organizations are bound by strict regulatory compliance.
Workflow for 2 Factor IP Whitelisting
The 2 Factor IP Whitelisting feature is the most comprehensive module, offering the advanced option to whitelist source devices from which we can log in directly to Iraje PAM without entering the OTP.
The configuration steps are given below:
Step 1: Log in to the IRAJE PAM Dashboard
Step 2: Click on 'Access Control Manager'
Step 3: Open 'Access Control Manager' module and click on 'Directory Access'
Step 4: Click on the 'ADMIN' group in Select Group
Step 5: Click on 'Admin' Option
Step 6: Go to 'Admin' Options
Step 7: Once the IP range has been entered, click on the 'OK' button
Step 8: To enable 2 Factor IP Whitelisting, the following 'maker-checker' is to be performed
Step 9: Now 'close' the Access Control Manager
User Experience after 2 Factor Whitelisting Option is Enabled
Case 1: When the user logs in through the Iraje PAM Dashboard from a source IP that is whitelisted, the user is allowed to log in without being asked for 2 Factor Authentication.
Case 2: When the user logs in through the Iraje PAM Dashboard from a source IP that is not whitelisted, the user is asked to enter the TOTP while logging in through the IRAJE PAM Dashboard.
Once the authentication is done, the user can then access the PAM dashboard.
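Because every address in a whitelisted range skips the second factor, it is worth checking a proposed range before entering it in Step 7. The following is an added example, not Iraje PAM code: it parses candidate ranges, flags any that are broader than a chosen limit, and reproduces the Case 1 / Case 2 decision. The accepted range formats (CIDR or 'first-last'), the function names and the MAX_ADDRESSES limit are assumptions made for illustration.

```python
import ipaddress

# Assumption: the largest single range we accept for OTP exemption (a /24).
MAX_ADDRESSES = 256


def parse_ranges(entries):
    """Turn 'a.b.c.d/nn' or 'first-last' strings into ip_network objects."""
    networks = []
    for entry in entries:
        entry = entry.strip()
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in entry.split("-", 1))
            # Raises ValueError if last < first, so reversed ranges are caught.
            networks.extend(ipaddress.summarize_address_range(first, last))
        else:
            networks.append(ipaddress.ip_network(entry, strict=False))
    return networks


def too_broad(networks, limit=MAX_ADDRESSES):
    """Return the ranges that would exempt more than `limit` addresses from OTP."""
    return [str(net) for net in networks if net.num_addresses > limit]


def otp_required(source_ip, networks):
    """Case 1: whitelisted source, no OTP. Case 2: any other source, OTP."""
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed sample input, not taken from any real deployment.
    proposed = ["10.20.30.5-10.20.30.20", "192.168.50.0/28", "10.0.0.0/8"]
    nets = parse_ranges(proposed)
    print("Rejected as too broad:", too_broad(nets))
    approved = [n for n in nets if str(n) not in too_broad(nets)]
    for ip in ("10.20.30.7", "10.20.30.21", "10.99.0.1"):
        print(ip, "-> OTP required" if otp_required(ip, approved) else "-> no OTP")
```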