Geo-fencing user login

Geo-fencing is a common use case: you want to make sure your users cannot access their cloud services from an unauthorized location.

Coronet offers two ways to enforce geo-location restrictions on service access.

 

Geo-fencing based on service access IP address

We will start with whitelisting or blacklisting the locations from which we want to allow/block user access to the service:

  1. In the Coronet console, go to CONFIGURE/Rule scopes/IP addresses and click the Add new IP Range button.
  2. Provide a name for your range (e.g. "Service access geo-fencing").
  3. In the Category section, check User access.
  4. Use the List type section to select whitelisting or blacklisting.
  5. Use the Type of range section to choose whether to define the locations by IP addresses or by countries, then add them to the list.
  6. When done, click the Save button.

Next, we will define a User Access rule that disconnects users when they try to sign in from a location that is not allowed:

  1. In the Coronet console, go to CONFIGURE/Rules/User Access and click the Add user access rule button.
  2. Provide a name for your rule (e.g. "Service access geo-fencing").
  3. In the Monitored services section, select the services you want to apply the rule to.
  4. In the Monitored groups and users section, select the users to which this rule should apply.
  5. In the Monitored threats section, turn on only the User login from suspicious location trigger with HIGH sensitivity.
  6. In the Threat remediation section, select the Alert the user and take specific, services related, action option and check Sign-In Required for all relevant services.
  7. Use the Email notifications section if you wish to receive email notifications for events that were triggered by this rule. 
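
Before saving an IP range list, it helps to check it against source addresses you know are legitimate (office and VPN egress IPs) so the rule does not lock out valid users. The Python check below is an added example, not Coronet code: the function names, the `start-end` input notation, the sample addresses (documentation ranges) and the assumed semantics (a whitelist permits only listed addresses, a blacklist denies only listed addresses) are assumptions of the example, and it covers ranges defined by IP address only, not by country.

```python
import ipaddress

def parse_ranges(entries):
    """Parse CIDR blocks, single IPs, or 'start-end' ranges into network objects."""
    networks = []
    for entry in entries:
        entry = entry.strip()
        if "-" in entry:
            # Explicit range: expand into the minimal set of covering CIDR blocks.
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            networks.extend(ipaddress.summarize_address_range(start, end))
        else:
            # strict=False accepts host bits, e.g. '203.0.113.7/24'.
            networks.append(ipaddress.ip_network(entry, strict=False))
    return networks

def access_allowed(source_ip, networks, list_type):
    """Assumed semantics: whitelist allows only listed IPs, blacklist denies only listed IPs."""
    ip = ipaddress.ip_address(source_ip)
    listed = any(ip.version == net.version and ip in net for net in networks)
    if list_type == "whitelist":
        return listed
    if list_type == "blacklist":
        return not listed
    raise ValueError(f"unknown list type: {list_type!r}")

def lockout_report(known_good_ips, entries, list_type):
    """Return the known-good source IPs that the planned list would block."""
    networks = parse_ranges(entries)
    return [ip for ip in known_good_ips if not access_allowed(ip, networks, list_type)]

# Constructed sample data (RFC 5737 / RFC 3849 documentation addresses).
PLANNED_RANGES = ["203.0.113.0/24", "198.51.100.10 - 198.51.100.20"]
KNOWN_GOOD = ["203.0.113.7", "198.51.100.15", "198.51.100.21", "2001:db8::1"]

if __name__ == "__main__":
    for list_type in ("whitelist", "blacklist"):
        blocked = lockout_report(KNOWN_GOOD, PLANNED_RANGES, list_type)
        print(f"{list_type}: would block {blocked or 'none of the known-good IPs'}")
```

In the whitelist case the report surfaces two easy-to-miss gaps: an address one past the end of a range, and an IPv6 egress address when only IPv4 ranges were listed.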

 

Geo-fencing based on user's device location

This rule assumes your users have the Coronet client application installed on their laptops and/or mobile devices.

We will start by defining the whitelisted or blacklisted locations from which we want to allow/block user access to the service:

  1. In the Coronet console, go to CONFIGURE/Rule scopes/Locations and click the Add location Group button.
  2. Create a new location group, give it a name (e.g. "Service access allowed areas" or "Service access forbidden areas") and click the Create button.
  3. On the same screen, click the Add location button, use the map tools (or type in a location name) to mark the location, click the Create button, give the location a name and add it to your new location group. Click the Create button again to save.
  4. Repeat the process to add more locations to the location group.

Next, we will define a Network Access rule that disconnects users when they try to sign in from a location that is not allowed:

  1. In the Coronet console, go to CONFIGURE/Rules/Network Access by List and click the Add network access by list rule button.
  2. Provide a name for your rule (e.g. "Service access geo-fencing").
  3. In the Which locations to monitor and control section, select Everywhere, EXCEPT the following locations to whitelist locations, or ONLY in the following locations to blacklist locations, then select the location group you defined in the previous steps.
  4. In the Which devices to monitor and control section, select the device types to which this rule should apply.
  5. In the Monitored groups and users section, select the users to which this rule should apply.
  6. In the Target networks to apply policy on section, select ANY network with security level listed below and check all the security level checkboxes.
  7. In the Forbidden connection remediation section, select the Alert the user and suspend access to ALL corporate services option.
  8. Use the Email notifications section if you wish to receive email notifications for events that were triggered by this rule. 