Is there a way to limit who can access an instance on the cloud via an IP range, or by user?
I have a client who need users to be able to log into the system only when they are at their premises
By default, Sugar doesn't offer a way to restrict access to the instance for a specific set of IP addresses. Since Sugarcloud doesn't allow modifications to the web servers (where an on-premise instance would be able to create such a list in a fairly straightforward way), the only place such a restriction could be implemented would be on the users' machines themselves. This though still leaves the problem of users using their personal machines to access the Sugarcloud instance.
There is a hook event which triggers after login: https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_10.0/Architecture/Logic_Hooks/User_Hooks/after_login/
You could implement business logic there to check if the user is within the allowed range, and take action if it isn't. Probably need to think about redirecting after you kill the session to a vanilla HTML page which explains the error.
as mentioned by Chris Raffle, the open source IP Restriction Manager is what I've used, and can confirm it still works with at least v9 but haven't tested with v10 yet.
The functionality allows you to restrict by either individual Users, Teams or Roles.
The only issue I found out recently is that it seems to ignore the IP restriction for any user via the Sugar Mobile App.
Not being a developer, my thinking is it's probably a simple bug/typo related to the logic behind 'Platform' that can be easily fixed, so hoping the issue I raised on Git will be looked into or somebody here can spend a little time on this as it's a very useful little add-on?
CRM Business Consultant
It is pretty easy to implement a feature/custom module which block IP addressess either globally or by user. We had implemented exactly this feature for a customer. Such a solution is upgrade safe and packageScan safe.
Fell free to ping me in case you are interested on.