Enable and Disable Location-Based Access

You can enable location-based access so that you can allow users to access tasks and data based on their roles and registered IP addresses. By default, location-based access is disabled.

Before You Start

Configure location-based access in a test environment and try it out before you configure it in a production environment. You must have the IT Security Manager role to enable location-based access. Additionally, you must:

  • Set up a valid email address. When required, the location-based access control reset or recovery notification is sent to that email address.

  • Add yourself to the user category for which the notification template ORA Administration Activity Request Template is enabled.

  • Keep the list of valid IP addresses ready.

Enable Location-Based Access

  1. Click Navigator > Tools > Security Console.

  2. On the Administration page, click the Location Based Access tab.

  3. Select Enable Location Based Access.

  4. In the IP Address Allowlist text box, enter one or more IP addresses separated by commas. For example, 192.168.10.12, 192.168.10.0. To indicate a range of IP addresses, you may follow the Classless Inter-Domain Routing (CIDR) notation, such as 192.168.10.0/24.

    Note:

    You can enter the IP address (IPv4 only) range suffix only up to 32 in the IP Address Allowlist text box. For example, 168.1.192.0/32 to 168.1.192.32/32.

    Tip:

    Your computer's IP address appears on the page. Add that IP address to the list so that your access to the application remains unaffected when you sign in from that computer.

  5. Click Save.

  6. Review the confirmation message and click OK.

After you enable location-based access, make the IT Security Manager's role public to access Security Console even from an unregistered IP address.

Disable Location-Based Access

To disable location-based access, deselect the Enable Location Based Access check box. The existing IP addresses remain in a read-only state so that you can reuse the same information when you enable the functionality again. At that point, you can add or remove IP addresses based on your need.