IP Filtering for Admin Users

IP Filtering in OPS-COM provides administrators with a robust security layer by restricting user access based on their device's IP (Internet Protocol) address. This feature enhances system security by ensuring that only authorized users from specified networks or devices can log into OPS-COM, allowing for tailored access control according to individual roles and organizational security policies.

Setup & Configuration

IP filtering configurations are managed within each administrator's user profile in OPS-COM.

What is an IP Address?

An IP address is a unique numerical label assigned to each device connected to an IP network. It typically consists of four groups of numbers (octets), separated by dots (e.g., 192.168.1.1).

The first two octets generally identify the network your device is on.
The last two octets further narrow the address down to a specific machine within that network.
To find your current public IP address, you can visit a website like whatismyip.net or simply search "What is My IP" in Google.

To Configure IP Filtering in OPS-COM:

Hover over the System Config, Admin Management and click Edit Admin Users.
On the Manage Administrator Users page, select the specific user you wish to edit from the dropdown list.
Locate the Allowed IP Addresses field within the user's profile configuration. This is where you will enter the IP filtering rules.

Using this Feature

The Allowed IP Addresses field in an admin user's profile controls their access to the OPS-COM system. The level of access can be precisely tailored:

Configuration Options for Allowed IP Addresses

Allow Access from Any Network (Least Restrictive)

This is typically used for high-level managers or directors who require access from diverse locations (e.g., while traveling, from a home office, or an internet cafe).
Note: In some cases, networks might be locked down or behind a firewall. Additional configuration on the part of your IT department may be required to allow external access.

Configuration: Enter a single dot (.) in the Allowed IP Addresses field.
Result: The user will be able to log in from literally any network location, whether internal or external to your organization's specific network.

Restrict Access to a Specific Network

This is ideal for regular office workers who primarily require access only from their designated office network.

Configuration: Enter the first two octets of the network's IP address (e.g., 10.32).
Result: The user can log in from any computer connected to that specific network, but will be restricted from accessing OPS-COM from any other network.

Restrict Access to a Specific Computer (Most Restrictive)

This is suitable for part-time employees or student workers who are designated to use only one particular machine for OPS-COM access.

- Configuration: Enter the full IP address of the specific computer (e.g., 10.32.1.144).
- Result: The user can only log in to OPS-COM from that single, specified computer.

Allow Access from Multiple Specific Computers

This is useful in office settings where an employee may use a few designated workstations.

- Configuration: Enter the full IP address of each allowed computer, placing each address on a separate line within the Allowed IP Addresses field (e.g., 10.32.1.144 followed by 10.32.1.154 on the next line).
- Result: The user can log in from any of the explicitly listed computers.

Allow Access from Multiple Specific Networks

This is applicable for employees working out of multiple campus locations or different buildings within a municipal organization, each on a distinct local area network.

- Configuration: Enter the first two octets of each allowed network, placing each network segment on a separate line within the Allowed IP Addresses field (e.g., 10.32 on one line and 10.40 on another).
- Result: The user can log in from any computer on the specified networks.

Basic IP Filtering Rules Recap

Good Configurations:
- . - A single period to match all IP addresses (least restrictive).
- 10.32 - A partial IP address to match all computers on a specific network.
- 10.32.1.144 - A full IP address to match a specific computer (most restrictive).
Invalid Configurations:
- 10.* - Wildcards (*) like this will not work.
- ops-com.com - Domain names will not work; only numerical IP addresses are supported for filtering.

Best Practices & Considerations

Security vs. Flexibility: Balance the need for security with the practical access requirements of your administrators. More restrictive settings (full IP) offer higher security but less flexibility.
Dynamic IPs: Be aware that many internet service providers assign dynamic IP addresses that can change over time. If your administrators access OPS-COM from external locations with dynamic IPs, using a full IP filter will frequently require updates, making the "single dot" setting often more practical for such scenarios.
Internal Network Changes: If your organization's internal network IP scheme changes, remember to update the Allowed IP Addresses for all affected administrators.
IPv6 Consideration: When using IP filtering, it is generally recommended to enter your IPv6 IP address if your network primarily uses IPv6, as IPv4 addresses are becoming less common for external facing services.
IT Department Collaboration: For complex network setups, especially involving firewalls or VPNs, collaborate with your IT department to ensure proper network configuration aligns with your OPS-COM IP filtering rules.

Resolve Duplicate Options

History Search

Purge Old - Explained

Purging Incidents

Handheld Devices and Commons

Managing Recurring and Onetime System Tasks

Using the Database Importer (Beta)

Importer Field Descriptions

Preview Spaces (Database to Preview)

Data Maintenance Articles

Manage Roles and Permissions

Permissions in OPS-COM

Manage Administrator Groups

Manage Admin User Accounts

IP Filtering for Admin Users

Guide to System Settings

Troubleshooting - Email Server Communication Errors

Alarms System Settings

Defining User Profile Settings

Configuring Multi-Factor Authentication on the User Portal

Password and Security Settings

Uploading and Managing Files

Limiting Active Vehicles

Setting Up Single Sign-On with OperationsCommander

Using SAML SSO with OPS-COM

Login Sources (SSO)

Email Headers and Footers

System Messaging Checklist

Email Templates

Translations

Default Header and Footer for Mobile Readiness and SwiftDeploy

Pages and Content Blocks

Templates and Design

Departments

User Departments

User Types

User Setup

Vehicle Types

Vehicle Makes

Vehicle Colours

Vehicle Plate Types

Vehicles Setup

Permit States

Parking Setup

Common Lots

Lot Zones

Locations - Sub Locations

Location Setup

Locations

Sort Violations for Quick Access

Ticket Offence Items

Violations Setup

Ticket Categories

Relations

Incidents Setup

Ethnic Types

Missing Property Types

Extended User Profile Options

Flags

Email Alert List

Manage Email Warnings

The Invoice Template

Deposit Options

Taxes

Sources - Dispatch

Dispatch Categories

Dispatch Setup

Distribution Setup

Users - Distribution Admin Options

Alerts - Distribution

Search for a User

Actions - Distribution

Status - Distribution

Warnings - Distribution

Form 11 Shortcodes

User_card Shortcode

User Information Shortcodes

System_code Shortcode

PermitTempPdf and Conditional Shortcode

Lot Information Shortcode