About Safe Locations

The Safe Locations feature enables you to configure a list of IP addresses that are considered safe. When users log in from a computer that uses one of the specified IP addresses (a safe location), they are not required to use MFA. The users can log in with only their user name and password.

To configure safe locations, you create a safe location and then assign it to one or more user groups. You create and edit safe locations on the Add Group or Edit Group pages.

Safe locations only apply to the groups they are assigned to. Users in a group that a safe location is not assigned to must still authenticate when they sign in from the safe location. By default, when you create a new safe location it is automatically assigned to the group.

When you delete a safe location, it is removed from all groups that it has been added to. When you edit a safe location, the change applies to all groups that use that safe location.

Safe locations do not apply to RADIUS client resources.

Safe locations require an Internet connection.

Safe Locations for RDP

For Remote Desktop Protocol (RDP) connections, AuthPoint uses the IP address that connects to port 3389 or port 443 to determine if a safe location applies to the authentication attempt. If you configure RDP to use a port other than 3389 or 443, AuthPoint cannot identify the IP address, and users must authenticate with MFA when they log in from a safe location.

If you have a firewall or proxy, the safe location receives the trusted IP address of the firewall or proxy, not the IP address of the end user.

To allow users on your network to use RDP to connect to a server on the network without MFA, you can create a safe location that includes the private IP addresses of internal users, but not the internal IP address of the firewall. With this configuration:

  • Internal users can connect to the server without MFA
  • External connections that come through the firewall require MFA

Configure a Safe Location

To configure a safe location, in the AuthPoint management UI:

  1. From the AuthPoint navigation menu, select Groups.
  2. Click the Name of the group you want to add a safe location to. You can also click Add Group if you want to create a new group to add a safe location to.

  1. In the Safe Locations section, click Add Safe Location.

  1. In the Name text box, type a name to identify this safe location. This helps you identify the safe location when you want to add it to other groups.
  2. In the IP Mask text box, type a public IP address or netmask that defines the range of public IP addresses you want to consider as a safe location. You can specify multiple IP addresses and ranges in one safe location.

  1. Click Save.
    The Add Safe Location window closes and the safe location is saved and added to your group.

  1. Click Save.

Each safe location that you create can be assigned to multiple AuthPoint groups. You do not have to create the same safe location for each of your groups.

To add an existing safe location to a group:

  1. Click the Name of the group you want to add a safe location to.
  2. In the Safe Locations section, select a safe location from the list.

To remove a safe location from a group, click next to the name of the safe location you want to remove.

Edit or Delete a Safe Location

When you delete a safe location, it is removed from all groups that it has been added to. When you edit a safe location, the change applies to all groups that use that safe location.

To edit a safe location:

  1. Click the Name of a group that you have added the safe location to.
  2. In the Safe Locations section, click the name of the safe location you want to edit.
    The Edit Safe Location window appears.
  3. Make your edits to the safe location. You can add or remove IP addresses or ranges, or you can change the name of the safe location.

    When you edit a safe location, the change applies to all groups that use that safe location.

  4. Click Update.
    The Edit Safe Location window closes and your changes are saved.

To delete a safe location:

  1. Click the Name of a group that you have added the safe location to.
  2. In the Safe Locations section, click the name of the safe location you want to delete.
    The Edit Safe Location window appears.
  3. Click Delete Safe Location.

    When you delete a safe location, it is removed from all groups that use it.

  1. In the Delete Safe Location dialog box, click Yes to confirm that you want to delete the safe location.

See Also

Add a Group

Access Policies

About Authentication