Limiting who can log in, and from where, is a powerful security lever. Illizeo lets you define IP allowlists, block specific countries and require an additional check on atypical logins.
Restriction levels #
| Level | Effect | Use case |
|---|---|---|
| Strict IP allowlist | Only listed IPs can connect | Highly sensitive data, banking |
| IP allowlist with exception | Listed IPs + temporary opt-in | Occasional remote work |
| Geo blocklist | Banned countries (e.g. Russia, North Korea) | Sanctions compliance |
| Additional verification | MFA forced on atypical IP/country | Recommended default |
| No restriction | Connection from anywhere | Many traveling profiles |
Step-by-step #
-
Define the strategy #
Aligned with your CISO. Ideally per role: HR/Admin = strict, employee = additional check.
-
Configure IPs #
Security → IP restrictions → Add. Single IP or CIDR range. Description mandatory.
-
Configure geography #
Country blocklist (ISO 3166 codes). GeoIP list refreshed regularly.
-
Test #
Simulation mode: Illizeo shows who would be blocked without enforcing. Check for false positives.
-
Enable in production #
Pre-communicate to employees. Break-glass admin account keeps broad access.
FAQ #
Corporate VPN for remote work?
If everyone goes through your VPN, allowlist its egress IPs. Easier to maintain.
And travelers?
Prefer additional verification (MFA) on each atypical login over strict block.
False positives for travelers?
Users can request a temporary exception (24h, 7 days) approved by HR/IT.
How to audit?
The Blocked logins report lists every block with IP, country, reason.
See Compliance (GDPR, ISO, SOC 2) #
Learn about Illizeo’s certifications and compliance.
