I'd like to up the security on a site by whitelisting ips for access to the backend, but allow access from outside of those ips using two-factor authentication.
The reason is that most of the time users in the office or on the VPN don't want to be bothered with 2FA, so ip whitelisting is fine, but occasionally urgent updates may be needed from outside those ip addresses, in which case it should be done with 2FA.
Can anyone give me pointers as to how this could be done?
Combining IP whitelisting and two factor authentication
Hi,
I'd like to up the security on a site by whitelisting ips for access to the backend, but allow access from outside of those ips using two-factor authentication.
The reason is that most of the time users in the office or on the VPN don't want to be bothered with 2FA, so ip whitelisting is fine, but occasionally urgent updates may be needed from outside those ip addresses, in which case it should be done with 2FA.
Can anyone give me pointers as to how this could be done?
Thanks,
Chris
is working on a reply...