Iraje 2 Factor IP Whitelisting manual version 8

Introduction

This document is the user manual for Two-Factor IP Whitelisting. It explains the Two-Factor IP Whitelisting feature provided by Iraje PAM and how to use it.

Purpose

The Two Factor Whitelisting feature allows us to whitelist an IP range for OTP. Once the 2 Factor Whitelisting option is enabled, we can allow some devices to log in to Iraje PAM without entering the OTP.

Target Audience

Admins Using Iraje PAM

Whitelisting

Whitelisting starts from the perspective that nearly everything is bad. If that is true, it ought to be more efficient to define the “good entities” and allow only those into the network. A simple example would be “all employees in the finance department that are director level or higher are allowed to access our financial reporting application on server X”. By extension, everyone else is locked out.

Whitelisting is often referred to as a “zero trust” approach – deny all, and allow only selected entities access based on a set of ‘good’ properties associated with user and device identity, behaviour, location, time, etc.

Whitelisting is widely accepted for high-risk security environments, where stringent rules take precedence over user freedom. It is also highly valued in environments where organizations are bound by strict regulatory compliance.

Workflow for 2 Factor IP Whitelisting

The 2 Factor IP Whitelisting feature is the most comprehensive module, offering the advanced option to whitelist source devices from which we can log in directly to Iraje PAM without entering the OTP.

The configuration steps are given below:

    Step 1: Log in to the IRAJE PAM Dashboard

    Step 2: Click on 'Access Control Manager'

    Step 3: Open 'Access Control Manager' module and click on 'Directory Access'

    Step 4: Click on 'ADMIN' group in Select Group

    Step 5: Click on 'Admin' Option

    Step 6: Go to 'Admin' Options

    Step 7: Once the IP range has been entered, click on the 'OK' button

    Step 8: To enable 2 Factor IP Whitelisting, the following 'maker-checker' is to be performed

    Step 9: Now 'close' the Access Control Manager

User Experience after 2 Factor Whitelisting Option is Enabled

Case 1: When the user logs in through the Iraje PAM Dashboard from a source IP that is whitelisted, the user is allowed to log in without being asked for 2 Factor Authentication.

Case 2: When the user logs in through the Iraje PAM Dashboard from a source IP that is not whitelisted, the user is asked to enter the TOTP while logging in through the IRAJE PAM Dashboard.

Once the authentication is done, the user can then access the PAM dashboard.
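
The decision in Case 1 and Case 2 can be modelled as follows. This is an added example, not Iraje PAM's own code: the CIDR range syntax, the sample addresses, the function names and the `min_prefix` threshold are all assumptions made for illustration. It also shows two checks an admin would want before approving a whitelist entry: malformed or overly broad ranges are rejected, and an unparseable source address is always challenged for the TOTP.

```python
import ipaddress

# Constructed sample whitelist. The range syntax Iraje PAM accepts is not shown
# in this manual, so CIDR notation is an assumption.
SAMPLE_WHITELIST = ["10.20.30.0/24", "192.168.5.10/32"]


def parse_ranges(entries, min_prefix=16):
    """Split entries into usable networks and rejected strings.

    An entry is rejected if it is malformed, has host bits set
    (e.g. 10.20.30.5/24), or is broader than min_prefix (an illustrative
    threshold), since a broad range disables OTP for too many sources.
    """
    networks, rejected = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < min_prefix:
            rejected.append(entry)
            continue
        networks.append(net)
    return networks, rejected


def otp_required(source_ip, networks):
    """Return True when the login must be challenged for a TOTP (Case 2)."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return True  # fail closed: an unparseable source is never whitelisted
    # Treat an IPv4-mapped IPv6 address (::ffff:a.b.c.d) as its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    whitelisted = any(
        addr in net for net in networks if net.version == addr.version
    )
    return not whitelisted  # Case 1: whitelisted source, no OTP prompt


if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_WHITELIST + ["0.0.0.0/0"])
    print("rejected entries:", bad)
    for ip in ("10.20.30.77", "10.20.31.1", "not-an-ip"):
        print(ip, "-> OTP required:", otp_required(ip, nets))
```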