An “Access Control” page is available in the Global section of Client Preferences Manager for managing IP access control (for IP addresses within the US and Canada only). This page is available to client users based on the "Settings - Global Preferences - Can Access" permission.
- IP addresses outside of the US and Canada cannot be provided access via this page only.
- To access the system from outside of the US and Canada, it is recommended to use a proxy or VPN that will reroute your internet traffic through a US or Canada IP address. There are many options available, like NordVPN, Express VPN, CyberGhost (at time of this article's publish). ASF does not have an official recommendation for any specific service.
- In some cases, it is possible for ASF to whitelist an IP address outside of the US and Canada - please be aware that this can request may require 2-3 weeks to complete - please contact Client Support to make this request.
Role and User Level Access Control
IP Access Control Enablement
The Access Control page displays a toggle option to enable limiting site access based on IP address. This page is available to client users based on the "Settings - Global Preferences - Can Access" permission.
If the toggle is set to Inactive (default setting), then client users with access to this page see a message that limiting site access based on IP address is not available . If the toggle is set to Active, then client users with access to this page see an allowed IP addresses table where IP addresses can be added and managed.
Allowed IP Address Management
IP addresses are added with the following information:
- IP Address: this can be a single address or a range, using the “/” convention to denote the range
- Type: Single or Range
- Description: this is recommended to be used to describe the location of the IP address for quick identification
Role and User Level Access Control
To block a client user from accessing the site from any IP address not specified in the allowed list, un-check the “Can Access via Any IP Address” user or role permission. This is defaulted to checked, meaning that, by default, users are assumed to be able to access the site from any IP address and are not limited to only those IP addresses specified in the allowed list.
- Note: Client Admins are assumed to be able to access the site from any IP address, therefore this permission cannot be un-checked for Client Admin users. If a Client Admin should had limited access, consider changing their role to a non Client Admin role.
When client users with limited access attempt to log into the site from an IP address not on the allowed list, an error page is displayed letting them know that the site is not accessible and directing them to contact the club or ASF Support.
Usage Tips
- Find a device's IP in network/internet settings, or use a site like https://www.ipchicken.com/
- For clubs with multiple locations, the list of allowed IP addresses must be loaded for each location. It is recommended to include all reciprocal location IPs in each location's IP list. This allows IP restricted users with access to multiple locations to log into any club location from any club location. IP restrictions are not enforced when users are club switching after they are already logged in.
Comments