MFA Rules Based on IPv4/IPv6 Subnets for Internal Network Access
1 vote
Hello,
Here is our requirement:
We need to allow authentication requests without MFA from within the company’s internal network. MFA should only be required when accessing from outside the organization or from unsecured networks.
In Devolutions Server, it does not seem possible to create MFA rules based on IP ranges or subnets.
Could you implement the ability to authorize IPv4 and IPv6 subnets in the MFA rules?
Examples:
- 1.1.1.0/24
- 172.30.20.0/24
- 2001:67c:11c8::/64
Thank you in advance.
All Comments (3)
Hello,
Good news, this is already supported in Devolutions Server! You can find the instructions here:
https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/conditional-access-policies/#configure-multifactor-authentication-from-the-web-interface We support IP addresses as rule.
I hope that helps. Let us know if you have any further questions!
Best regards,
François Dubois
Hello GTeam,
There is a small confusion here. Although IP masks are supported, we do not currently support CIDR masks, only dotted-decimal masks.
Your feedback is noted and will be prioritized internally.
Regards,
Benoît Sansregret
Thank you for your response.
Devolutions support previously informed me that this was not possible and asked me to submit a user request instead, so I take note of your answer, thank you.
However, Devolutions Server currently does not support IPv6. Our instance is accessible over IPv6 both from the Internet and from our internal LAN, which means we are unable to create proper rules for IPv6 networks.
This is becoming an important limitation for us, especially as IPv6 deployment is now widespread in enterprise environments.
Thank you in advance for considering this enhancement.
