Product: SecurityHub
Applies to: Customer SecurityHub administrators
You can prevent or allow access to your domains by IP address or geographic location. For more information about geographical blocking, see Configuring access control by geographic location.
Note: This option is only available if you have a valid domain associated with your organization. If you do not have a valid domain associated with your organization, you can request a domain be added. For more information, see Managing domains.
When you add a connector, you can specify test users as part of the configuration. The connector is initially created in testing mode, meaning that only the test users can log in using the connector. This allows you to ensure that the connector is working properly before making it available to all users in the configured domains.
Connectors can have one of the following statuses.
- Setup - The connector has one or more domains associated with it that can be tested using the test users. The connector is not live.
- Active - The connector is live and in use.
- Inactive - The connector does not have any domains associated with it.
Your contract determines which features are available and which roles can access them. Note that compliance admins only have view rights to the available features.
Video - access control configuration using IP addresses
Watch this video tutorial to learn how to configure access control rules to allow or block access to specified IP addresses for your environment.
How to configure IP restrictions
- From within SecurityHub, click Login Security.
- Click Access Control.
- Click Add a Rule.
- In the Rule Type field, click IP Blocking. Note that the rule type cannot be changed after the rule has been saved.
- In the Rule Name field, enter a name for the rule.
- In the Rule Action field, select whether the configured IP address will be allowed access or blocked from accessing the configured domains.
- In the IP Addresses field, enter the address that you want to allow or block.
- In the Contact Email Address field, enter the email address of the person or group that can assist users with issues that prevent them from logging in.
- Click Next.
- In the Domains field, enter the domain or click Select all domains to select the domains to include.
- In the Test Users field, enter the email addresses of the users that will test the rule. The users must be part of the domain. A maximum of 15 test users can be added.
- Click Next.
- Review the rule and click Add. If no domains are associated with the rule, the status will be Inactive. If domains are associated with the rule, the status will be Setup, where the rule can be tested.
How to edit a rule
- From within SecurityHub, click Login Security.
- Click Access Control.
- In the Actions column of the rule you want to edit, click the edit icon.
- Click Domain Associations to update the rule status and associated domains.
- In the Status field, select the status.
  - Setup - The rule has domains associated with it and can be tested. It is not active.
  - Inactive - No domains are associated with the rule.
  - Active - The rule is in use.
- Click Rule Details to change the rule action and IP addresses affected by this rule.
- Make changes and click Save.
How to delete a rule
Only rules with a status of Inactive (that is, rules with no domains associated with them) can be deleted.
- From within SecurityHub, click Login Security.
- Click Access Control.
- Ensure that the rule you want to delete has a status of Inactive. If it does not, click the edit icon in the Actions column, change the status to Inactive, and click Save.
- In the Actions column of the rule you want to delete, click the trashcan icon.
- Click Delete to confirm.
How to view rule details
- From within SecurityHub, click Login Security.
- Click Access Control.
- Click the name of the rule.
- Click Back to return to the list of rules.