1
0
-1

I've had a question on restricting access to some forms based on IP (ie so only staff in a particular office can access a particular group of forms). Is that possible? 

    CommentAdd your comment...

    3 answers

    1.  
      2
      1
      0

      The requirement to restrict forms to certain staff would better be served by defining Form Groups, rather than by IP address, providing the forms are restricted to authenticated users only.

      For anonymous access forms, restriction by IP address would best be handled by configuring the web server serving the form URLs, and that is web-server dependent.

        CommentAdd your comment...
      1.  
        1
        0
        -1

        Hi Fiona, thanks for raising this question. For a bit more context, an example would be a form being created to be used for an internal event registration, which should not be publicly accessible. Anyone on our internal network should be able to access the form without needing a password, but those off the network should see a 403 error or similar.

        Bill's solution of locking down anonymous forms by IP at a webserver level sounds most appropriate, however I imagine this could be cumbersome if it requires manual intervention for each form. How would it work in practice?

        I don't think this is a hard requirement, but thought I'd raise it to see what our options are.

        Thanks,

        Jack

        1. Ben Warner

          I think the best solution for you would be to have a separate Space with IP white list restrictions. This way you can choose at publish time which Space you want the form to appear in and you can publish many forms as you wish into this restricted Space. Setting up the IP white list configuration is a task for our cloud hosting team.

        CommentAdd your comment...
      2.  
        1
        0
        -1

        This really depends on what you are trying to achieve.

        It's quite common to restrict access to a Work Space by IP Whitelist, and therefore all the forms in that  Space. This is often set up in order to add an additional layer of security around PII data.

        If you're trying to restrict access to a form to trusted countries, you can use the same method, however, there are fraud detection services offered by 3rd parties, which we can hook into via standard extension points.

          CommentAdd your comment...