Restrict login.do access method for "normal" users but not for admins

Meloper · ‎12-17-2024

We have activated Adaptive Authentication and currently all users from certain IP ranges can access our instance AND via the Now mobile app.

This question is about access from the permitted IP range via the browser.

The normal user connects to our instance via AZure MFA.
We want to prohibit login.do access for the normal user.The user should not be able to access the instance in any other way than via MFA.

Admins and audit users should still be able to use the login.do method.

Is that possible?

Mark Manders · ‎12-18-2024

If they all use SSO, except for the audit and admin users, you can just easily update the password of those users to a string of characters nobody knows. Login.do validates on the local password, while SSO validates through the Azure pw.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Sohail Khilji · ‎12-18-2024

HI @Meloper,

I believe login.do is a page which you can limit it based on role. if any users trying to access login.do it may not allow and may show access denied error.

I hope this helps...

☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....

LinkedIn - Lets Connect

Mark Manders · ‎12-18-2024

The page you are showing is a portal page and adding a role to it, will not make login.do unavailable (I just tested it). It will also be difficult to work, since the login.do page is showing the login screen before you are logged in, so the system doesn't know your roles yet. Only after validation it can do something and the question is about preventing people to login through login.do.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark