IP range

From Onlinehelp
Jump to navigation Jump to search

Through the Security settings in the Umantis solution (found under Settings -> Main settings), you can access a page where you can define valid IP ranges for certain pages of the solution. To add a restriction, click “Enter new IP range”.

Make sure that you do not add any restrictions here that include your own IP address. Otherwise, you will not be able to remove the restriction again from your current computer! If this does happen, our support team can reset the IP range restrictions.

If someone attempts to access a protected page from an unauthorized IP address, a 403 “Access forbidden” error message will be displayed.

Paths in Employee Management

In the Path field, enter the URL of the page for which you want the restriction to apply.

If you want to protect the entire solution, you must enter a “/” in this field.

To help you set up restrictions, an overview of the individual URL stems is provided below.

/Employment Employees (Employee directory, Employee directory - Employee review meetings, Employee directory - Career planning, Employee directory - Salary and bonus (period), Org chart)
/ExternalParticipants External individuals
/DashboardsStartPage Analytics -> Diagrams
/DashboardSearchScreen1 Analytics -> Diagrams about the employee
/DashboardSearchScreen2 Analytics -> Diagrams about the employee review meeting
/DashboardSearchScreen3 Analytics -> Diagrams about people
/DashboardSearchScreen4 Analytics -> Diagrams about events
/Objectives Analytics -> Goals
Company -> Company and department goals
/WorkTasks Analytics -> Tasks
/WorkSkills Analytics -> Competencies
/DevelopObjectives Analytics -> Development goals
/Behavior Analytics -> Behavioral criteria
/Feedback Analytics -> Feedback topics
/DashBoards Analytics -> Diagram templates
/Adhoc Analytics -> Excel report templates
/CourseCatalog Events catalog (for Events (users))
/CourseParticipation Event registrations (for Events (users))
/GlobalCompetencies Employee review meeting catalogs
/FunctionProfiles Function profiles
/Positions/All Positions (Employee Management)
/Polls Surveys
/Courses Events, Registrations, Instructors, Resources
For Events (administrators)
/EmplMan Reminders, Checklist templates
/Communications Communication (Contacts, Print documents, Distribution lists, Templates, Communication history, Unassigned emails)
/Import Imports
/Exports/Downloads Exports
/XMLExport XML export
/CSVExport CSV export
/Administration Settings
/Password Password
/SelfService Access as an employee
/SelfServiceTrainer Access as an instructor
/MyPublic Access as an external person, Public course catalog, Public surveys, Public groups
/pubhtml Images of the design are displayed
/ThirdPartyAppraisal Third-party evaluation

Still allow diagram views: Use the path: /Administration/ShowDashboardWithIDs and the range “*” (entered on the second line), in addition to the path “/Administration” and its range (as provided above), to allow a user who is locked out of the admin area to still see diagram views.

Paths in Applicant Management

In the Path field, enter the URL of the page for which you want the restriction to apply.

If you want to protect the entire solution, you must enter a “/” in this field. Note that applicants will no longer be able to access the solution if you have completely protected it (with a “/” path).

To help you set up restrictions, an overview of the individual URL stems is provided below.

/Recruiting Applicant Management (Jobs, Applications, Job requisitions, Recruiters, Job alert subscribers)
Tasks
/Contact Communication, Communication history, Unassigned emails, Stored form letters, Distribution lists, Templates
/Administration Settings (Main settings, Branch offices, Users, Wizards, Analytics, Job platforms, System backup, Processes)
/Import Imports
/Exports/Downloads Exports (Exports, Export templates, Automatic exports)
/XMLExport XML export, must be released when connecting to job boards
/CSVExport CSV export
/SelfService Applicant access
/SelfServiceLine Access for hiring manager
/SelfServiceBoard Access for committee member
/SelfServiceRecruiter Access for recruiter
/Jobs Positions published externally
/Vacancies Positions published externally
/VacanciesIntraxData Jobs published on the intranet
/Password Password
/Adhoc Analytics
/DashBoards Analytics
/DashboardSearchScreen1 Analytics
/DashboardSearchScreen2 Analytics
/DashboardsStartPage Analytics
/pubhtml Images of the design are displayed

Still allow diagram views Use the path /Administration/ShowDashboardWithIDs and the range “*” (entered on the second line), in addition to the path “/Administration” and its range (as provided above), to allow a user who is locked out of the admin area to still see diagram views.

Fig. 1: Entering IP range for diagram views despite user restrictions.






Enabling and restricting — important notes

You have the option to restrict "/" to an IP. At the same time, you can specify which addresses should be accessible, e.g. "/SelfService" or "/Vacancies". These can be enabled by using “*” as the IP (range) — see also Fig. 2. With this variant, all pages other than these explicitly enabled pages and their “related” pages will be blocked.

Important notes:

  • If you protect the entire area (“/”), please make sure to explicitly enable the “/pubhtml” area so that the design is also visible to applicants.
  • Please note that you can restrict the access to specific exports. Either none export is accessible (via /XMLExport) or a specific export is not accessible (/XMLExport/116?[Key])
  • Note that some URLs must be explicitly blocked, since they are also enabled when “related” URLs are enabled.

Examples:

  • if “/” is restricted and “/SelfService” is enabled, then “/SelfServiceLine” etc. is also enabled again --> It must be explicitly restricted.
  • if “/Vacancies” is enabled, then “VacanciesIntraxData” must be explicitly blocked.

Additional notes:
If you restrict the entire solution by using “/”, a change must be made to the password in the system e-mails. Two links are relevant here if an applicant/manager wants to set a new password:

  • Request password: https://recruitingapp-xxx.umantis.com/Password/PWForgotten -> Access is provided by enabling “/Password”.
  • Link in default system email to set a new password: https://[Special.Hostname]/?PasswordResetToken=[Password.Token]&PersID=[Empfaenger.ID]&customer=[Special.Customer]&lang=eng&DesignID=[Design.ID]
The link includes the URL parameter directly after the “.com” suffix. Only then is the link redirected to “/Password/PasswordSetNew”. When the system email is set up with “.com/?”, the IP restriction on “/” applies, and enabling “/Password” has no effect. Result: The user receives a 403 error message when setting their password.
Solution: Modify the link in the system email
  • Directly add the following extension before the URL parameter: “Password/PasswordSetNew” (https://[Special.Hostname]/Password/PasswordSetNew?PasswordResetToken=[Password.Token]&PersID=[Empfaenger.ID]&customer=[Special.Customer]&lang=eng&DesignID=[Design.ID])
Fig. 2: IP range: Enabling and restricting URLs














Range

In the IP Range field, you can specify a single IP address or a range of IP addresses.

Entry format (single address): 192.168.1.2, 192.168.1.*, 192.168.*, etc.

Entry format (range): 192.168.1.1-192.168.1.8, 192.*-193.*, etc.

Ideally, a separate entry should be created for each IP or IP range. All entries together make up the range from which the Umantis solution can be reached.

Retrieved from "https://en.onlinehelp.umantis.com/index.php?title=IP_range&oldid=8846"