limit cloud access via ip range

Question

Is there a way to limit who can access an instance on the cloud via an IP range, or by user? 
 
 I have a client who need users to be able to log into the system only when they are at their premises

ROGELIO GOMEZ · Answer

The good folks over at Upsert ( Chris Raffle and co) have taken the above open source plugin, forked it, updated it for the current version and now distribute it via SugarOutfiters. 
 https://www.sugaroutfitters.com/addons/UpsertIPRestrictionManager 
 Thank you, Team Upsert, for your generous contribution to the community!

ROGELIO GOMEZ · Answer

as mentioned by Chris Raffle , the open source IP Restriction Manager is what I've used, and can confirm it still works with at least v9 but haven't tested with v10 yet. The functionality allows you to restrict by either individual Users, Teams or Roles. 
 The only issue I found out recently is that it seems to ignore the IP restriction for any user via the Sugar Mobile App. 
 Not being a developer, my thinking is it's probably a simple bug/typo related to the logic behind 'Platform' that can be easily fixed, so hoping the issue I raised on Git will be looked into or somebody here can spend a little time on this as it's a very useful little add-on?

ROGELIO GOMEZ · Answer

There is a hook event which triggers after login: https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_10.0/Architecture/Logic_Hooks/User_Hooks/after_login/ 
 You could implement business logic there to check if the user is within the allowed range, and take action if it isn't. Probably need to think about redirecting after you kill the session to a vanilla HTML page which explains the error.