Remove Whitelist Requirement for Signin
Completed
I work remote for a NOC that uses an OnApp cloud. Since I work remote, my IP changes frequently. This morning I was the only person working in our NOC (everyone else is sleeping) and I was locked out of our cloud. I had to open up a support case with support@onapp.com to get them to whitelist my IP for me as I wasn't about to call around and wake people up just so my IP can be whitelisted.
The whole point of the cloud movement is being able to access your information from anywhere. And while I appreciate the extra security that a whitelist provides, I do not want it on my account and due the the nature of my remote work I probably would have advised against our purchase of OnApp if I knew the whitelisting feature could not be disabled.
Please create an option to remove the whitelist requirements on a per-account basis or per-cloud basis.
Thanks,
Adam
-
Hi, I don't know anything about a Whitelist requirement but our customers regularly lock themselves out because of the message being displayed that they should add their current IP to the whitelist or wait 30 seconds to discard this message.
The problem with this is, that sometimes even experienced admins in this moment don't are aware that they blacklist every other IP if they add an IP to the whitelist!
This should really be changed from forcing the customers to add a dynamic IP to the Whitelist to just notifying them!! Or at least warn them, that they blacklist every other IP with this action.
Thanks,
Alex
-
We would also like to be able to disable IP whitelisting, for the reasons mentioned in this thread. To summarize:
- We need to connect from arbitrary IPs, often not known in advance.
- Whitelisting any single address locks everyone else out.
- It is too easy for clients to lock us out.
I see this thread has been sitting for 7+ months since the last comment. Is this feature under consideration?
-
In further testing, I've realized an important misunderstanding on my part. Whitelisting is scoped to individual user accounts. (We didn't notice this at first because we used a shared admin account while spinning up our first cloud.) Scoping reduces the pain significantly, especially since we've moved to a one-account per person model. We would still like the ability to turn off whitelisting entirely, in order to avoid the modal window. Thanks for considering.
-
Hi guys
There are probably some enhancements that we could make to this functionality to make it more usable. We aren't going to develop this so that it allows more ease of use for shared accounts because this is inherently insecure anyway but we can probably make it easier for users to add new IP addresses if they have already whitelisted an IP.
As Layla pointed out you can disable whitelisting per role. You can also add 0.0.0.0/0 to your whitelist if you want to so there are a few ways to work around it. We'll add something to the roadmap to enhance the usability but it's not considered urgent from our perspective.
Regards
Stuart
-
Hello,
for us this is a quite serious issue, because the message is annoying if you have to do something in a hurry and customers lock themselves out every now and then by whitelisting a dynamic IP.
I confirm, that this brings very much security, but for some customers it is impossible to whitelist an IP because they just don't have a static IP!
The only solution I finally read in the last comment is, that such customers could whitelist 0.0.0.0/0 - that was new to me. But I am asking myself where we could put this information so our customers can find it.
I don't want to disable this feature completely for our customers role, because it is a security-feature. But I want a possibility to click away the annoying warning message without having to wait 20 seconds!!
Regards,
Alex
Please sign in to leave a comment.
Comments
6 comments