IP whitelisting configurations

Modified on Thu, 28 Mar at 5:08 PM

IP whitelisting is a practice employed to enhance digital security by allowing only specific, trusted IP addresses to access a network, system, or application. In the context of Keka, it can be compared to a vigilant doorman who will allow access to the Keka HR portal only if one accesses the portal from a whitelisted IP network. 

 

This strategic security measure serves as an impregnable defense, thwarting potential cyber threats and intruders from infiltrating your HR ecosystem. By designating only trusted IP networks, it ensures the sanctity of sensitive employee information and upholds the confidentiality of critical data. 


Before configuring IP whitelists

Before you configure IP whitelists, it is extremely important to know the impact of this action:

  • Once an IP network is configured as a whitelisted IP network, it is implicitly understood that all other IP networks are NOT whitelisted. This means, all employees without exception will be able to access Keka portal ONLY from the whitelisted IP network and will NOT be able to access Keka portal from IP networks that are not whitelisted.
  • This change will be applicable to all users including Global Admins and the Admins who configured IP whitelisting as well.
  • Utmost care is recommended when configuring IP networks as any mistake in configuring this will disrupt the entire org's access to Keka portal.


Configuring IP whitelist in Keka 

Users can whitelist IP networks from Org > Settings > IP Configurations.

 

Note: Time Attend > Settings > IP Networks is now moved to Org > Settings > IP Configurations. So in case if there are any IP Networks added there previously previously, they are moved to the new location, i.e., Org > Settings > IP Configurations.

 

To begin with, users can add IP addresses by clicking on the `+ Add IP address` button.



Users can give a name to the network for identification (Eg: Office network, 1st Floor, etc.) and add IP network range. Users can also add multiple ranges under the same network. Note that the current IP address from which the application is being accessed would be shown for reference. In case of doubt, it is recommended to check with the IT admin and add the correct IP addresses as this might impact the access of application to ALL EMPLOYEES INCLUDING THE ADMINS.

 

Admins can turn on whitelisting for the IP network from this slider window itself, or just add the IP network to the repository from here.



Once the IP networks are added, admins can whitelist a certain IP network using the "Whitelist Enabled" switch.



Once admins toggle the switch in the column indicated above to "On" state, they are asked to "Confirm" (as shown below). Once admins gives a confirmation, that IP Network would be marked as whitelisted and all employees will be able to access Keka portal only from the whitelisted IP networks.



Also note that, for the sake of avoiding extreme cases where all employees / the admin loses access to Keka portal from all networks, a few validations are added while whitelisting IP networks:

  • If whitelisting for all IP networks is turned off, it means that whitelisting restriction has been turned off and Keka portal can be accessed from any network.
  • If an admin has not whitelisted any IP networks, the first IP network he/she has to whitelist is the network which the user is in. If the admin tries whitelisting any other network first, that action is not allowed. This is because, the moment admin turns on whitelisting for some other IP network he/she is not in, access to Keka portal from the current IP network will be lost for the admin who is configuring whitelists. To avoid that, a validation has been added.
  • Similarly a user cannot turn off whitelisting their current IP networks when other IP networks are still whitelisted for the same reason as above.


Impact on Mobile app access

IP Whitelisting does not impact access to Mobile app. So irrespective of whether IP whitelisting is enabled or not, users with mobile app access will be able to access it without any impact.


Related Articles

IP whitelisting -FAQs

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article