IP-based Application Access

BillDavS76
Tera Contributor

I'm wondering if it is possible to limit Application access based on IP Range.  For example, if I want to allow only those on our VPN connection to access Security Center.

Note: NOT looking for IP-based Authentication where ONLY whitelisted IPs can login.  Assume I want to allow login to the instance from any IP without restriction, but then I want to ensure that the user is on our VPN range before allowing access to a specific application.  I see where I can get the session ID:

How to get the client IP of the originating request - Support and Troubleshooting

but then, how would I use that for restriction?

4 REPLIES 4

SumanthDosapati
Mega Sage
Mega Sage

@BillDavS76 

When you say limit application, what are you exactly mentioning about?

A portal/page/table/workspace or something else?

 

We didn't get into specifics, but the workspace seems a reasonable place to start for Security Center (for example).  I can see it will need to be more granular or we just create 'security by obscurity' and folks will 'find another way in'.  Restricting at the table level is likely required.

'Zero Trust Access' is a better option to go with if that suits your requirement.

If that doesn't help your case then you might need to build your own logic and use 

gs.getSession().getClientIP() 

 

Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

Randheer Singh
ServiceNow Employee
ServiceNow Employee

Hi @BillDavS76 
You have to use the Zero Trust policy-based session access feature to achieve this.
https://www.youtube.com/watch?v=NYQ8g4uw12U
https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/authentication/...


Thanks,

Randheer