Quoox provides a mechanism for restricting access to the portal by IP address. This applies to all managers and employees, except for the originating account creator who is always granted access upon the provision of valid login credentials. This exception is to avoid the situation of an entire facility being locked out of the Quoox system due to an IP address change or mis-configuration.
The IP authentication works by providing valid IP ranges (in CIDR notation) either system wide, and/or on a per employee basis.
System wide settings
The valid system-wide IP addresses may be configured in Settings > Security.
Acceptable IP address ranges may be provided one per line in the text box. These may be IP4 or IP6 ranges, and you should list all those that apply to your location.
IP address ranges are added in CIDR notation. These may be individual addresses; addresses with subnet mask; or address ranges.
Quoox will list your current IP address (as our servers see it), and this may be copied by clicking the clipboard icon.
Clicking the Save button will commit changes, which will take effect within 15 minutes. The IP validation checks are performed upon login.
Per Employee Settings
Valid IP ranges may also be provided on a per-employee basis. These are an extension of the valid system ranges, and a manager/employee with valid login credentials matching an IP range in either setting area will be granted access.
As with the system settings, IP ranges may be specified one-per-line in CIDR notation.
The employee settings contain and additional checkbox for Always bypass IP address checks for this employee, which tells Quoox to permit access to the system for the employee, regardless of their IP address, provided they issue valid login credentials.
Warnings
This function should only be used if you are confident that:
- You have a static (or long lease) IP address
- You know your IP address
- You understand CIDR notation and how to correctly record your IP address ranges
- You understand the implications of the mis-configuration of this feature
