• Type: Suggestion
• Resolution: Unresolved
• Component/s: IP Allowlisting
• Labels:

  • guard-s7

[ACCESS-1422] Allow customers to configure IP allow list by country (geoblocking)

Collapse comment: Iain Whyte added a comment - 17/Jan/2023 12:26 AM

Iain Whyte added a comment - 17/Jan/2023 12:26 AM

With an on premise Server instance of Confluence or Jira, obviously you can control who can connect to your instance. Not so with cloud instance. Access + Azure Conditional Access partially helps with this, since Microsoft Conditional access can prevent authentication except from specific country IP databases. However, connection attempts are still possible. If someone has credentials for a user, and they can connect, they can continue trying MFA requests until the user just presses OK. The missing piece of the puzzle here is the instance itself allowing connection ONLY from specific country IP databases. The existing IP allow listing interface is not flexible enough.

Expand comment: Iain Whyte added a comment - 17/Jan/2023 12:26 AM

Iain Whyte added a comment - 17/Jan/2023 12:26 AM With an on premise Server instance of Confluence or Jira, obviously you can control who can connect to your instance. Not so with cloud instance. Access + Azure Conditional Access partially helps with this, since Microsoft Conditional access can prevent authentication except from specific country IP databases. However, connection attempts are still possible. If someone has credentials for a user, and they can connect, they can continue trying MFA requests until the user just presses OK. The missing piece of the puzzle here is the instance itself allowing connection ONLY from specific country IP databases. The existing IP allow listing interface is not flexible enough.