Published Date : 30 Jun 2022
Last Updated : 20 Apr 2023
Content Ref: TEC8637174
When setting up RM Unify multi-factor authentication (MFA), you can configure a set of trusted IPv4 address ranges for your establishment so that users are not prompted for MFA when using a device assigned a trusted IP address.
This allows you to exclude your school's IP range if you only want users to be prompted for MFA when they are outside of this range. It can be helpful for schools that operate a 'no mobile phones' policy, as it removes the requirement to complete the MFA prompt on a user's personal device while at school. Since malicious attacks on user accounts are more likely to occur from outside of the school location, this feature allows schools to make a compromise between security and user experience.
- If you are an RM Connectivity customer and RM provides your broadband, please follow the steps in the RM Connectivity Customers section below.
- Sign in to RM Unify as a super admin user.
- Navigate to the RM Unify Management Console.
- On the left-hand side, under 'Sign In & Security', select Trusted IP Addresses.
- Type the CIDR* of the trusted IPv4 range. For example, a CIDR of 188.8.131.52/28 will set the IPs 184.108.40.206 - 220.127.116.11 with subnet mask 255.255.255.240 as trusted IPs.
- Click Add.
*Classless Inter-Domain Routing is a method for allocating IP addresses and for IP routing.
RM Connectivity Customers
- Log a support request and we will provide the trusted IP addresses to add.
- Follow the steps in the Procedure above to add the IP addresses we provide.
- On each device with a browser configured to use any proxy server, add *.rmunify.com as a proxy server exception. Please contact your network support team for assistance with rolling this out, as they may deliver the setting automatically as part of a Group Policy Object.
As an example, given below is a screenshot of the equivalent setting on a Windows 10 desktop:
- It is not necessary to add *.rmunify.com as a proxy exception when the browser is not configured with a proxy server, e.g. if you are using transparent filtering.
- If you are using an additional product such as Smoothwall and browsers are configured with the Smoothwall server as the proxy server, please add the *.rmunify.com exception to the device's browser.
If I configure a trusted IP range, what happens when MFA on an app is set to Required but the user has not yet enrolled for MFA?
- If the user is accessing the app from an IP in the trusted IP range, they will not get prompted to set up MFA and will be able to access the app.
- If the user is accessing the app from an IP that is not in the trusted IP range, they will get prompted to set up MFA.
A warning icon is displayed beside a CIDR value if the number of IP addresses in the range is more than 20.
An additional address or range is rejected with the message "An error occurred while saving the settings" if:
- it is not a valid IPv4 CIDR format.
- it ends with '/31'.
- it overlaps any of these internal ranges:
  - Class A: 10.0.0.0 through 10.255.255.255
  - Class B: 172.16.0.0 through 172.31.255.255
  - Class C: 192.168.0.0 through 192.168.255.255
- it overlaps any of these multicast addresses:
  - 18.104.22.168 to 22.214.171.124
- it overlaps any of these other ranges:
  - 0.0.0.0/8: Current (local) network RFC 1122
  - 127.0.0.0/8: Local host RFC 1122
  - 169.254.0.0/16: Link-local RFC 3927
  - 255.255.255.255/32: Limited broadcast destination address RFC 8190 and RFC 919
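The rejection and warning rules above can be checked locally before a range is typed into the console. The following is an added example, not RM's code: the function name is hypothetical, the sample inputs are constructed from documentation ranges, the multicast rule is assumed to mean the standard IPv4 multicast block 224.0.0.0/4, and it is assumed that an address with host bits set is normalised rather than rejected.

```python
import ipaddress

# Ranges the article lists as rejected on overlap.
BLOCKED = {
    "internal range": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    # Assumption: the article's multicast rule is the standard 224.0.0.0/4 block.
    "multicast": ["224.0.0.0/4"],
    "reserved range": ["0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                       "255.255.255.255/32"],
}
WARN_ABOVE = 20  # the console shows a warning icon above this many addresses


def check_trusted_cidr(text):
    """Return (status, detail); status is 'reject', 'warn' or 'ok'."""
    try:
        # strict=False: host bits are masked off instead of raising (assumption).
        net = ipaddress.IPv4Network(text.strip(), strict=False)
    except ValueError as exc:  # also raised for IPv6 input
        return "reject", f"not a valid IPv4 CIDR: {exc}"
    if net.prefixlen == 31:
        return "reject", "ends with /31"
    for label, ranges in BLOCKED.items():
        for blocked in ranges:
            if net.overlaps(ipaddress.IPv4Network(blocked)):
                return "reject", f"overlaps {label} {blocked}"
    if net.num_addresses > WARN_ABOVE:
        return "warn", f"{net} trusts {net.num_addresses} addresses"
    return "ok", f"{net} trusts {net.num_addresses} addresses"


if __name__ == "__main__":
    # Constructed sample input (RFC 5737 documentation ranges and rule hits).
    samples = ["203.0.113.0/28", "198.51.100.0/24", "203.0.113.8/31",
               "172.20.0.0/16", "8.0.0.0/6", "2001:db8::/32"]
    for cidr in samples:
        status, detail = check_trusted_cidr(cidr)
        print(f"{cidr:<18} {status:<7} {detail}")
```

A `warn` result is worth reviewing before saving: every address in the range bypasses the MFA prompt, so the range should cover only the establishment's own egress addresses.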
Can I set a trusted range for IPv6 addresses?
Currently, only IPv4 address ranges are supported. Extending to IPv6 addresses may be considered for a future release.