The Authorized Networks Policy allows organizations to control access based on the network location of users. This policy can permit users to bypass Multi-Factor Authentication (MFA) when accessing from trusted networks (e.g., office networks) and enforce MFA when accessing from untrusted networks (e.g., home or public networks).
The Authorized Networks Policy balances convenience and security. By distinguishing between IP ranges, it can ensure flexible access and seamless login within the acceptable perimeter like the office network, while requiring full-on MFA in remote access scenarios.
Use Case: Office Network Bypass MFA, Remote Access Enforce MFA
Scenario
Let users who are inside the office log in without MFA and require MFA once they leave the office (e.g., work from home or from a coffee shop).
Challenge
Balancing convenience for in-office users with the need for enhanced security for remote access.
Solution
Implement an Authorized Networks Policy that allows users to log in without MFA when they are within the office network and requires MFA for remote access.
Benefits
- Seamless In-Office Access: Users within the office network can log in without the hassle of MFA.
- Enhanced Remote Security: Users accessing from outside the office are protected with MFA.
- Flexibility and Control: Administrators can define authorized networks and enforce security policies accordingly.
Step-by-Step Configuration Guide
1. Sign in to the Rublon Admin Console.
2. In the Policies tab, create a Bypass MFA for Office policy where you enter your local network’s IP range in the Authorized Networks section. (See: How to create new policy and Authorized Networks)
3. In the Applications tab, assign the Bypass MFA for Office policy as an Application Policy to one or more applications. (See: How to assign Application Policy to application)
4. From now on, the Bypass MFA for Office policy applies to one or more applications you assigned it to, effectively allowing employees working from the office to bypass Multi-Factor Authentication (MFA).
Use Case 2: Bypass MFA for Local Network Access for Regular Users but Not IT Admins
Scenario
Streamline access for regular users within the local network by bypassing MFA while ensuring that IT admins always use MFA regardless of their network location.
Challenge
Balancing the need for ease of access for regular users with maintaining stringent security measures for IT admins.
Solution
Implement an Authorized Networks Policy that bypasses MFA for regular users within the local network but enforces MFA for IT admins at all times.
Benefits
- Streamlined Access for Regular Users: Reduces login friction for regular users within the local network.
- Enhanced Security for IT Admins: Ensures that IT admins are always authenticated with MFA, maintaining high security.
- Customized Access Policies: Provides flexibility in defining access rules based on user groups and network location.
Step-by-Step Configuration Guide
Refer to Group Policies – Bypass MFA for local network access for regular users but not IT Admins for detailed instructions on how to configure the policy in the described scenario.
Learn More About Rublon Policies
Rublon Admin Console – Policy Sections
Group Policies – Bypass MFA for local network access for regular users but not IT Admins
