It’s possible to restrict access to your Spektrix system based on IP Address, preventing anyone from logging into the system from outside your venue. This offers a useful layer of additional security to help ensure that only authorised users can access your system. In this article we’re going to take a look at how to set this up, how to edit the list of approved IP addresses, and what happens if users need to access your system from elsewhere.
Don’t worry if you have users who work away from their desks, or who need to use Spektrix on a mobile device. You can choose to either authorise that device for a short period of time or permanently authorise someone's home computer (assuming they have a static IP address).
Setting up
The first thing you need to do is to let us know which IP address(es) you want to be able to access your system. Get in touch with the Support team in the usual way (email support@spektrix.com or submit a request via the Support Centre) with the details of the IP address(es) you want to have added.
There needs to be at least one valid IP address - generally this will be the main IP address for the network which your box office computers are connected to. You can add as many approved IP addresses as you want; for example, if you have multiple venues or if your back office is on a different network to your box office.
Once a member of the Support team has added your IP address(es), you’ll be able to head to the Settings Interface and go to Configuration > Security to see the list of addresses and add any additional addresses you want to include at a later date.
NOTE: you won’t be able to see the Security option in the Configuration menu until the Support team have added the first set of valid IP addresses.
Only users with internet connections which use the specified IP address(es) will now be able to access your Spektrix system. Other users will need to request temporary access (see below) in order to log in. Alternatively, you can add the IP address for their location to the accepted IP list.
Adding and removing IP addresses
Once you have at least one authorised IP address, you can add additional addresses and edit or remove any which subsequently change.
From Settings Interface > Configuration > Security click the New Authorised IP Address button to add a new IP address.
- IP Address: enter the address you want to authorise. This can be a single IP address or a range specified using CIDR notation.
- Description: enter a brief description to make it clear what the IP address refers to, for future reference.
Once you have added everything, click the Create Authorised IP Address button.
Granting Temporary Access
If a user attempts to access your Spektrix system from an IP address which isn’t on your approved list, they will be presented with a screen explaining that they can’t access the system and that they will need to request access from their current location.
They will need to provide their location, a reason for the request and their Spektrix credentials.
Once submitted, their request will appear in the Security page under the Pending Access Requests section, and all users with the Settings Administrator role will receive an email notification.
You can approve or reject requests by clicking either the Approve or Reject button in the far-right column.
If you approve a request, you’ll be asked how many days you want to authorise that connection for (the maximum being 30). After that period has expired, the user will need to request access once again if they want to connect using the same IP address.
NOTE: temporary access is provided through the use of browser cookies, which means that, once granted, a user will be able to access Spektrix from any location, but only from the device and browser that they used to make the access request.
Changes to IP Addresses
We recognise that there may be situations in which IP addresses might change at short notice; for example, in the case when a main internet connection fails and a 3G dongle has to be used instead.
To handle this, each time a user accesses your system from an authorised IP address, their browser/device is also granted temporary access for one day. This allows them to continue accessing the system from that browser/device even if their IP address were to change.
This one-day temporary access will be shown in the list of approved access requests labelled with Automatically created from IP address.
Users taking advantage of this temporary access will need to switch back to the approved IP address before the end of that one day period if they want to continue being able to access the system (or have their new IP address added to the approved list during that time).
A note on security
The Spektrix Support team are not permitted to make any changes to your security settings, due to the difficulty in validating your identity. Therefore please bear in mind that only users in your venue with access to the Settings Interface (see this article for more information on user roles) will be able to amend the settings.
***
Please don’t hesitate to get in touch with the Spektrix Support team if you have any questions or would like to discuss anything covered here in more detail.