Conditional Access
Conditional Access is a security feature commonly used in identity management systems to control access
to applications, data, and resources based on various conditions such as user identity, location, IP
address, device state, and more. In the Unifyia platform, the Conditional Access feature
allows organizations to manage administrator access by restricting access to trusted IP addresses.
Organizations can define a set of IP addresses that are whitelisted for administrator access, enhancing
security while reducing the risk of unauthorized or potentially malicious access.
The Conditional Access process works as follows:
- IP Address Check: The system checks whether the privileged user's access request
originates from a specific, whitelisted IP address or range.
- Access Based on IP:
  - If the request comes from a trusted IP address, the user retains their privileged
    administrator status and is granted the appropriate admin access privileges.
  - If the request comes from outside the allowed IP range, the system does not block access but
    instead assigns the user a standard user role (Role_User), limiting their access.
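The role decision described above, as an added sketch in Python that is not Unifyia's own code. Assumptions: ranges are entered as CIDR or start-end, the admin role is called Role_Admin (a hypothetical name; only Role_User appears on this page), IPv4-mapped IPv6 source addresses are unwrapped before matching, and an unparseable source address is downgraded rather than trusted.

```python
import ipaddress

ROLE_USER = "Role_User"     # fallback role named on this page
ROLE_ADMIN = "Role_Admin"   # hypothetical name; the page does not name the admin role

def parse_range(text):
    """Return (first, last) addresses for 'a.b.c.d/nn', 'start-end' or a single IP."""
    text = text.strip()
    if "-" in text:
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"invalid range: {text}")
        return start, end
    net = ipaddress.ip_network(text, strict=False)
    return net[0], net[-1]

def normalise(ip_text):
    """Parse a client address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def effective_role(assigned_role, client_ip, allowed_ranges, enabled=True):
    """Role the session receives after the Conditional Access check."""
    if not enabled or assigned_role != ROLE_ADMIN:
        return assigned_role            # the check applies to privileged users only
    try:
        ip = normalise(client_ip)
    except (ValueError, AttributeError):
        return ROLE_USER                # missing or unparseable address: never grant admin
    for first, last in allowed_ranges:
        if ip.version == first.version and first <= ip <= last:
            return ROLE_ADMIN           # trusted source: privileged status retained
    return ROLE_USER                    # outside the allowlist: downgrade, not block

# Constructed sample allowlist (RFC 5737 documentation address blocks).
ALLOWED = [parse_range(r) for r in ("203.0.113.0/24", "198.51.100.10-198.51.100.20")]

if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.21", "::ffff:203.0.113.7", "not-an-ip"):
        print(src, "->", effective_role(ROLE_ADMIN, src, ALLOWED))
```

When the platform sits behind a proxy or load balancer, the address evaluated must be the one the trusted proxy reports, not a client-supplied header, or the allowlist can be bypassed.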
Key Benefits of Implementing Conditional Access:
- Privileged users can only access the platform with administrator privileges from trusted IP
addresses.
- If a privileged user logs in from an untrusted IP, instead of blocking access entirely, the
system assigns the user a user role, which enables restricted access to the system with limited
privileges.
This approach helps organizations maintain a strong security posture while minimizing the risk of
unauthorized access.
Follow the steps below to configure administrator conditional access to the platform:
- Activate Conditional Access: Slide the toggle button to the right to enable
conditional access.
- Specify the allowed IP address range.
- If you need to configure multiple IP address ranges, select the + button and add the additional
IP address ranges.