limit cloud access via ip range

Hi Rogelio,

By default, Sugar doesn't offer a way to restrict access to the instance for a specific set of IP addresses. Since Sugarcloud doesn't allow modifications to the web servers (where an on-premise instance would be able to create such a list in a fairly straightforward way), the only place such a restriction could be implemented would be on the users' machines themselves. This though still leaves the problem of users using their personal machines to access the Sugarcloud instance.

Hi ROGELIO GOMEZ,

There was an open source project released by Sugar: IP Restriction Manager. That project hasn't been updated in 2+ years, so it should be tested first as it may no longer work with current versions of Sugar.

Thanks for the reply,   Anyone knows if limitation can be on the user level?

maybe have a logic hook that logs out the user if not in the range.

As mentioned in a call center, they don´t want users to be able to log from home

There is a hook event which triggers after login: https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_10.0/Architecture/Logic_Hooks/User_Hooks/after_login/

You could implement business logic there to check if the user is within the allowed range, and take action if it isn't. Probably need to think about redirecting after you kill the session to a vanilla HTML page which explains the error.

as mentioned by Chris Raffle, the open source IP Restriction Manager is what I've used, and can confirm it still works with at least v9 but haven't tested with v10 yet.
The functionality allows you to restrict by either individual Users, Teams or Roles. 

The only issue I found out recently is that it seems to ignore the IP restriction for any user via the Sugar Mobile App.

Not being a developer, my thinking is it's probably a simple bug/typo related to the logic behind 'Platform' that can be easily fixed, so hoping the issue I raised on Git will be looked into or somebody here can spend a little time on this as it's a very useful little add-on?

Hello Rogelio, 

This might come a bit late already, but if you wish to Whitelist or Blacklist a set of IP's or IP ranges in SugarCloud you can do it via Support Case. 

Create a case with the addresses and our Support team will take care of it. 

I hope this helps 

The base path works in version 10.3

It is pretty easy to implement a feature/custom module which block IP addressess either globally or by user. We had implemented exactly this feature for a customer. Such a solution is upgrade safe and packageScan safe.

Fell free to ping me in case you are interested on.

The good folks over at Upsert ( Chris Raffle and co) have taken the above open source plugin, forked it, updated it for the current version and now distribute it via SugarOutfiters.

https://www.sugaroutfitters.com/addons/UpsertIPRestrictionManager

Thank you, Team Upsert, for your generous contribution to the community!