RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

How to configure RM Unify MFA with trusted IP addresses
Published Date : 30 Jun 2022   Last Updated : 20 Jul 2022   Content Ref: TEC8637174  





Symptoms

When setting up RM Unify multi-factor authentication (MFA), you are able to configure a set of trusted IPv4 address range(s) for your establishment so that users will not be prompted for MFA when using a device assigned a trusted IP address. 

This will allow you to exclude your school's IP range if you would only like users to be prompted for MFA when they are outside of this range. It can be helpful for schools that operate a 'no mobile phones' policy, as this will remove the requirement to complete the MFA prompt on a user's personal device while at school. Since the majority of malicious attacks on user accounts are more likely to occur from outside of the school location, this feature will allow schools to make a compromise between security and user experience.



Requirements

RM Connectivity customers
If you are an RM Connectivity customer, please log a support request and we will enable this for you.


Procedure

  1. Sign in to RM Unify as a super admin user.
  2. Navigate to the RM Unify Management Console.
  3. On the left-hand side, under 'Sign In & Security', select Trusted IP Addresses.
  4. Type the CIDR* of the trusted IPv4 range. For example, a CIDR of 21.19.35.32/28 will set the IPs 21.19.35.32 - 21.19.35.46 with subnet mask 255.255.255.240 as trusted IPs.
  5. Click Add.

*Classless Inter-Domain Routing is a method for allocating IP addresses and for IP routing.



Possible Issues

A warning icon is displayed beside a CIDR value if the number of IP addresses in the range is more than 20.

An additional address or range is rejected with the message "An error occurred while saving the settings" if:
  • it is not a valid IPv4 CIDR format.
  • it ends with '/31'.
  • it overlaps any of these internal ranges:
    • Class A: 10.0.0.0 through 10.255.255.255
    • Class B: 172.16.0.0 through 172.31.255.255
    • Class C: 192.168.0.0 through 192.168.255.255
  • it overlaps any of these multicast addresses:
    • 224.0.0.0 to 239.255.255.255
  • it overlaps any of these other ranges:
    • 0.0.0.0/8: Current (local) network RFC 1122
    • 127.0.0.0/8: Local host RFC 1122
    • 169.254.0.0/16: Link-local RFC 3927
    • 255.255.255.255/32: Limited broadcast destination address RFC 8190 and RFC 919


More Information

What is CIDR notation?
CIDR notation is a compact representation of an IP address and its associated network mask. For more information, please refer to the links below:

Can I set a trusted range for IPv6 addresses?
Currently, only IPv4 address ranges are supported. Extending to IPv6 addresses may be considered for a future release.


Other Useful Articles

RM Unify Multi Factor Authentication (TEC5941143)

FEEDBACK
Did the information in this article help answer your question?
 Yes
 No
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


If this article has not helped provide a solution then it is also possible to log a call...



Document Keywords: Unify,Trusted,IP,ipv4,Address,range,bypass,whitelist,mfa,multi,factor,auth, by pass, TEC8637174


Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


Top Of PageTop of page