Need Help? We are right here!
By enabling G Suite's IP, device, time, and location restriction features, users can enhance the security of Google Workspace.
miniOrange Single Sign-On (SSO) & IP Restriction app can be integrated with any G Suite app and offers granular options for access policies like IP address, time-based, device, and location-based restrictions. By configuring adaptive authentication methods, users can add an extra layer of security and reduce the burden of 2-factor Authentication (2fa). Admins can use this solution to control user access and provide multi-factor authentication security based on risk, making it a simple, easy-to-set-up, and beneficial solution for all users.
In this restriction method admin configures a list of IP addresses to allow or deny access on and when a user tries to login into any of the applications configured with adaptive authentication, his IP address is checked against the configured IP list and based on that the action is decided as per the configuration (.i.e. Allow, Deny or Challenge).
In this restriction method admin allow end-users to add a fixed number of devices as Trusted devices for their account(A device here refers to a Browser Session). Once a device is registered for a user, then that user will be allowed to login without any Restriction (This works with all other Restriction methods also). If the users registered Device exceeds the total registered device limit specified by the admin,In that case the user will be either Challenged or Denied as specified in the policy by the admin.
In this restriction method admin configures a list of locations where we want to allow end-users to either login or deny based on the condition set by the admin. When a user tries to login with adaptive authentication enabled, his Location Attributes such as (Latitude, Longitude and Country Code) are verified against the Location list configured by the admin. And based on this user will be either allowed, challenged or denied.
In this restriction method admin configures a time zone with Start and End Time’s for that time zone and users are either allowed, denied or challenged based on the condition in the policy. When an end-user tries to login with the adaptive authentication enabled, his time zone related attributes such as Time-Zone and Current System Time are verified against the list configured by the admin and based on the configuration the user is either allowed, denied or challenged.
Action for behavior Change Options :
|Allow||Allow user to authenticate and use services if Adaptive authentication condition is true.|
|Challenge||Challenge users with one of the three methods mentioned below for verifying user authenticity.|
|Deny||Deny user authentications and access to services if Adaptive authentication condition is true.|
Challenge Type Options :
|User second Factor||The User needs to authenticate using the second factor he has opted or assigned for such as
|Security Questions||The System will ask the user for 2 of 3 questions he has configured in his Self Service Console. Only after the right answer to both questions is the user is allowed to proceed further.|
|OTP over Alternate Email||User will receive a OTP on the alternate email he has configured threw Self Service Console. Once user provides the correct OTP he is allowed to proceed further.|
This section handles the notifications and alerts related to Adaptive Authentication.It provides the following options :
|Challenge Completed and Device Registered||Enabling this option allows you to send an email alert when an end-user completes a challenge and registers a device.|
|Challenge Completed but Device Not Registered||Enabling this option allows you to send an email alert when an end-user completes a challenge but do not registers the device.|
|Challenge Failed||Enabling this option allows you to send an email alert when an end-user fails to complete the challenge.|
Our Other Identity & Access Management Products