Knowledge base

Setting up Access Control

The Access Control add-on is like a private firewall for your Appfigures account. When enabled, the add-on provides granular rules to block out any unwanted users from being able to log into your account, making your private data even more secure.

Access Control works by allowing or denying access by IP address. You have the ability to define rules for every IP as well as a default action (to allow or deny).

The Access Control add-on requires the Enterprise plan.

First, you'll need to enable the add-on for your account. Go to the add-on's page and click on Enable.

This will make the add-on active, but will not block any traffic until you've completed setting it up.

Available options:

Owner access

When enabled, this options ensures the user account that's set up as the owner is always allowed to login. Even if there are explicit rules to prevent access from the IP the user is logging in from, or if the default action denies access.

This option is turned on by default to ensure that you won't get locked out of your account if you accidentally block your IP/range or set the default action to deny without setting up any specific rules for your IP.

This is a good options to have on during set up, but we suggest turning it off once all rules are in place.

Default action

When a user attempts to access your account we'll look for rules that are defined for their IP address. If there are no rules, we'll apply the default action.

Most setups have the default action set to Deny and then set up rules to Allow access from specific IPs. This is also called a whitelist.

Rules

Each rule you define will allow or deny access to a particular IP or a set of IPs in a range.

An IP is a unique address each machine on the internet has. When a user attempts to log into your account we'll make sure they have the right username/password combination, and that their IP isn't blocked by Access Control rules.

Defining a rule is easy:

  1. Type the IP address you want the rule to apply to. Here you can type a single IP or a range using CIDR notation.
  2. Select whether to allow or deny access from this IP.

Once you're done setting up make sure to save your changes. All changes are applied immediately.