Last updated on November 10, 2022
Is 2FA Needed In Every Situation?
Two-factor authentication is a great way to improve your organization’s security posture, but it does have an impact on user experience. Not every application must be protected with 2FA and not every situation requires it. Often, strong authentication provides the most value when securing access from untrusted networks like the public Internet.
It’s a good idea to enforce 2FA on your VPN for remote employees. On the other hand, you may want to allow employees who work inside your office building to access internal services without a 2FA challenge, as their workstations are plugged into the local ethernet with 802.1X port-based authentication. This will balance user experience with security and overcome the resistance to 2FA.
Bypass 2FA For Internal Logins
Rublon enables you to specify Authorized Networks by IP addresses. Users who originate from an Authorized Network bypass 2FA.
Administrators of Rublon Business or Enterprise subscriptions may define Authorized Networks in the Rublon Admin Console. Go to Settings, locate Authorized Networks and enter a block of IP addresses, IP ranges or CIDRs as a comma-separated list. Remember to click the Save button at the top right corner.
Authorized Networks settings are valid organization-wide for all applications. Applying Authorized Networks settings to individual applications will be possible in the future.
Please note that the Authorized Networks settings are only applied if Rublon is able to determine the user’s IP address. Some applications do not allow this.
The following applications support Authorized Networks:
- Cisco AnyConnect
- Confluence
- Dropbox
- G Suite
- Jira
- Office 365
- Rublon Access Gateway integrations via SAML
- Salesforce
- SSH
- Windows RDP
- WordPress
