TrackTik UniversityHelp & DocumentationSecurity Operations SettingsHow to Configure IP Whitelist Access Restrictions

How to Configure IP Whitelist Access Restrictions

The IP Whitelist is used to verify the IP address of a device before allowing the user access to TrackTik. This is typically only used for operations that have on-site licenses. In this case the IP address of the computer can be approved, but all other IP addresses can be blocked for a site. This requires the officer to sign-in and only use the device at the client's site with the matching IP address. Note that some network use a dynamic IP address (DHCP) connection method. Check the network and device settings before setting up IP whitelisting.

Enable IP Whitelist Feature

Enable IP Whitelist Feature

The IP Whitelist feature will need to be activated in your dashboard to use the IP authorization/blocking options. To activate IP Whitelisting follow the steps below.

  1. Click on the "Settings" tile from the left-hand side menu.
  2. Locate the "Features" option in the settings menu and select it.
  3. Scroll down to find "Ip Whitelist." Click the switch button to "On."

Note: For HQ portals, this feature will need to be activate at every region

Access the IP Whitelist Option

Access the IP Whitelist Option

The IP Whitelist option is available in the "Roles & Security" section of the dashboard settings. To access this option:

  1. Click on the "Settings" tile from the left-hand side menu.
  2. Select the "Roles & Security" option from the settings menu.
  3. Click on the "IP Whitelist" tab.

Setup an IP Whitelist For Sign-In and Other Master Functions

Setup an IP Whitelist For Sign-In and Other Master Functions

Whitelisting is divided into two groups of functions. "Master" functions are functions that permit the user into the system. Other functions are specific to certain sites. Correctly configuring both options can allow employees access without compromising site confidential information. For example, officers may not have IP restrictions to log into the system, allowing them to check their schedule from any computer or location. However, configuring the site IP whitelist would prevent the user from clocking-in to or accessing a site.

  1. Click on the [IP Whitelist] button.
  2. If you are authorizing your current IP address, you will be able to quickly find your IP address in the blue block.
  3. Type the IP address you would like to authorize. Keep in mind your current IP address appears above.
  4. Enter a label that describes the authorized IP address. Labels like the physical location of the computer will provide a reference for the IP address.
  5. Select whether this IP address will be used to block/or allow users to sign-in to the system.
  6. Click on the [Save] button.

Whitelisting an IP for the OnSite staff portal (Site portal)

Whitelisting an IP for the OnSite staff portal (Site portal)

IP Whitelisting is also configurable at the site level. This allows you to ensure that sites which use On-Site require the user to be physically on the property to clock-in to the site. Complete the steps below to add authorized IP addresses to a site.

  1. Click on the "Site" tile from the left-hand side menu to access the site list. Select the site from the site list.
  2. From the site profile, click on the "Security & Patrol" tab.
  3. In the "Patrol Menu" select the "IP Whitelist" option.
  4. Click on the [Whitelist an IP] button.
  5. Complete the information in the pop-up window the same way you did the in the previous step. Click the [Save] button to add the IP address to the list of whitelisted IP addresses for this site.

Blocking By Roles

Blocking By Roles

Both sites and the Live Dashboard will reference a user's IP address to determine what information and functions will be made available to the user. Within the Roles/Permissions you have the ability to determine which user roles will require this IP authorization. For example, certain admin users should always have access to the system, but a manager may be restricted to only access the Live Dashboard from the office.

Each role (other than default Admin) has options for authorizing their access to the system. To configure IP authorization/restriction for a user role follow the steps below.

  1. Click on the role you would like to configure.
  2. From the default "Permission" tab click on the "IP Block Scenario" tab.
  3. Use the drop-down menus to set the authorization rule for On-Site Access (Site - Specific) and Website Login (Master - All functionality). By default both options will be listed as "Granted." The "Block (Always)" option will block the user regardless of the IP address, whereas "Block (Whitelist IPs)" will reference the IP Whitelist to determine whether the user will be granted access.

Scenario 1: On-Site Access (Block certain sites)

Scenario 1: On-Site Access (Block certain sites)

On-Site Access (Block certain sites) will allow the user to access the system, however the user's IP address will be referenced against the IP Whitelist for each site available to the user. If the user's current IP address appears in the IP Whitelist for any of the sites, the user will have access to view or sign-in to the site. If a site does not list the user's current IP address in the IP Whitelist for the site, the user will not have access to the site.

Scenario 2 ) Website Login (Block at login)

Scenario 2 ) Website Login (Block at login)

In this case the user will not be able to access any functionality in the system if the user's current IP address does not appear in the IP Whitelist.

Audit Sign-In Attempts and Access IP Address Logs

Audit Sign-In Attempts and Access IP Address Logs

Clicking the "Sign-in Log" tab will provide a list of instances when a user logged into the system. This list includes the user's name, IP address at the time of sign-in, and the time/date.