SAP Knowledge Base Article - Public

2089414 - System: How to restrict access to SuccessFactors by IP address - IP Restriction Management

Symptom

  • Restricting Access by IP Address
  • If you would like to add an additional layer of security for access to the SuccessFactors application, you can request access to be restricted to only certain IP addresses.
  • Self-Service tool - IP Restriction Management

Environment

  • BizX Platform

Resolution

The SuccessFactors Application supports IP address restriction as a security method. With this method the client provides specific IP addresses (single ones or ranges of addresses) that will be able to access the SuccessFactors Application. Only users from these addresses can access the SuccessFactors Application and all others will get a notification when trying to login that they do not have access.

Here is a quick video describing the new feature:

Media not computed.

  • As of version 1708 (Q3 2017) you can now use self-service to manage IP restrictions from Admin center.
  • First, you need to assign the following permission to the user which shall be allowed to manage the restrictions: permission called "IP Restriction Management" in the "Manage system properties" section.
    We reccomend that the user log out and into the system again after you have assigned this permission.
    IP Restriction management permissions.png

  • Next, the admin user will be able to access the tool called "IP Restriction Management" in Admin Center.
    IP Restriction management admin tool.png

  • To add a restriction, press the "+" symbol on the top right IP Restriction management plus .png.
    This will let you add two types of restrictions:
    1. Single IP Address:
      Enter the desired IP address and press save.
      IP Restriction management single.png

    2. IP Address range:
      Enter the start and end IP for this range and press save.
      IP Restriction management range.png

  • Please be sure to provide all IP addresses for your company (offices, remote workers, etc). If there are employees that are trying to access the application in an IP address other than the ones provided, they will not be able to log in.
  • Also make sure that you add your own IP to this list. If not, and you made a mistake, you could potentially end up locking out all users including yourself from the system.
    To check your public IP you can simply search for "what is my ip" in any search engine (for example this search in google)

  • You can turn off IP restrictions for external users. To do so, press on the "cog" button on the top right. IP Restriction management cog .png
    This will display 3 options that can be enabled separately. Press save after you have finished selecting the options.
    IP Restriction management external.png

  • You can delete any previous stored value by pressing the delete button for that particular IP or range.
    You can also edit the previously configure value by pressing the pencil button on the respective configured IP or Range.
    IP Restriction management update - delete .png

See Also

Managing Instance Access guide

Keywords

access list whitelist filter successfactors SAP IP Whitelisting , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-IPR , SF Server IP related Queries/ IP Restriction , How To

Product

SAP SuccessFactors HCM Suite all versions