What is an IP Fence?
An IP Fence is a security feature in trustMinder.
The security features require a list of IP addresses (or range of IP addresses) to be associated with your account/sub-accounts/CSR accounts. Once implemented, users logging into trustMinder from an IP address in the IP Fence address list will be able to access trustMinder. Essentially, it specifies which networks are allowed to log in to the trustMinder platform so that even if a username:password combination become compromised, a bad actor would also need to be on your corporate network.
Does this replace my username/password?
No - you'll still need your username and password to log in.
Why are we implementing an IP Fence?
For security purposes. We want to ensure that only trustMinder users can log in to their account from an authorised network.
How are we (and you) going to manage the IP fence?
Typically users login to trustMinder from their office computer/laptop while on the office network. The office network has an IP address and we require this IP address to be associated with the trustMinder account.
When associated with the account it means the user will be able to log into trustMinder while on this network. If not on the network then they won't be able to log in.
We appreciate with Covid-19 people are working from home and sometimes users will need to log in while working from home. If they are using a company VPN then it's like they are on the office network and they will be granted access.
If there isn't a VPN in place, then their IP address won't be on the already approved list of IP addresses and they won't gain access.
To remedy this we are rolling out a way for account owners to grant access.
In the IP fence setup (under profile) - you can nominate multiple people to handle the requests. The main account owner is added by default.
Simply add the email address & specify how long that person can handle the requests.
This email address will appear in a drop down menu when a user logs in from an unknown IP address.
Remember to Save any changes.
What a user will see when logging in
Non-Listed Network Access
When a user attempts to log in from a non-listed IP fence address, but with a valid username/password, they will get this warning and will be prevented from accessing trustMinder.
The user can ask the account owner (or other authorised people in the drop down list), adding a note and then clicking the 'Click this button' button and included a note.
This will result in a request email being sent to person selected from the list.
The request will show who (which sub-account/CSR) has requested this. Please remember, Account Owners will only receive this request if the requester has entered a valid username/password.
Account Owner
You'll need to click the Set IP Fence options button in the email notification.
Here you again can see the requester/username and the IP address.
You can add the IP to the fence for a period of time:
- Permanently*
- 1 day
- 1 week
- 1 month
- Do not add
Make a selection and click 'Make it happen'.
*For users logging in from home it's recommended as the account owner to add for 1 week or 1 month rather than adding permanently. (IP address at home can change frequently)
Add permanently if it's an office IP address or one that doesn't change.
'Do not add' means the IP address is not added to the list and they won't be able to access trustMinder from that IP address.
User notification
The user will get a notification of your decision.
A sample notification email is shown below.
If you decide to add it for 1 day/week/month once the time period expires the IP address will be removed from the IP Fence.
Can I see/manage my IP Fence list?
Yes - under your profile you'll see the list.