As an IBM SmartCloud for Social Business administrator you can control the IP address ranges from which users can access IBM SmartCloud for Social Business.
By restricting the IP addresses from which your users can access IBM SmartCloud for Social Business, you provide your organization a secondary level of protection against user credentials being stolen or phished. If the IP ranges are restricted to your company's network, an attacker would need to authenticate to IBM SmartCloud for Social Business from within your network before they could access, and potentially steal, user credentials.
To specify a desired IP address range or set of ranges, log in using your administrator credentials and do the following:
Click System Settings > Security.
Click Add Range.
As prompted, specify a start and end IP address value and click OK.
Note that minimally you must specify the IP address at which you are currently logged in.
IBM SmartCloud for Social Business will check the current IP address to ensure it falls between the specified ranges.
In addition, if your company is using SAML single sign-on, you control user authentication using company credentials; you may wish to use additional protection within your enterprise authentication system for protecting against stolen or phished credentials.
You can use IP address restrictions as a secondary authentication mechanism in combination with SAML single sign-on authentication.
Caveats to using IP address restrictions
Enabling IP address restrictions in a company where users access IBM SmartCloud for Social Business from a mobile device may block user access.
You can use VPN tools on the mobile device to route traffic using the company network, in which case IP address restrictions are valid.
SMTP, POP and iMAP protocols are not supported for IP address restrictions. If your company uses these protocols when accessing LotusLive, IP address restrictions will not be applied.