A whole new level of security for ThoughtFarmer 6.5 Avocado: Location awareness

ThoughtFarmer 6.5 Avocado includes a feature that is irrelevant for 95% of our clients. But for the other 5%, it’s extremely useful: location-based security.

Regular security in ThoughtFarmer is user-based or role-based. If you are Mike in IT, you will always see the pages and files that Mike in IT is supposed to see, regardless of where you are. (See a screenshot of the regular security settings in ThoughtFarmer.)

Location-based security does not care about who you are. All it cares about is where you are. If you are in the office, you may be able to see the super-secret information. But if you are in a coffee shop on dodgy wi-fi, you may not be able to.

Potential uses for location-based security

  1. Prevent unauthorized external access. Some companies choose to self-host ThoughtFarmer in order to restrict usage to their internal network. With location-based security, you can open up your internal intranet, or use ThoughtFarmer Cloud, and still prevent anyone from accessing sensitive information unless they are on your internal network.
  2. Prevent unlawful export of information. Perhaps your company is bound by the terms of an international treaty that restricts the movement of sensitive information. You can ensure compliance by using location-based security on the sensitive pages.
  3. Display country-specific HR policies. If you are a global company, your HR policies may vary widely from country to country. You could manage who sees what with role-based security, but it may be simpler to use location-based security.
  4. Add an extra layer of protection to trade secrets. You can combine role-based security with location-based security to make confidential information extra-safe. For example, you can restrict viewership of trade secrets to Senior Managers who are currently located in Head Office.
  5. Limit administrative access. In ThoughtFarmer, administrators can choose to see anything. Location-based security takes precedence, though. If the location-based settings prevent you from accessing a document, it doesn’t matter if you’re an administrator — you still won’t see it.

Configuring location-based security in ThoughtFarmer

Location-based security is based on IP address. Every time you access a web page, the web server records the incoming IP address of your computer. IP addresses look something like this:

Each organization usually has a range of IP addresses. To help you understand the IP addresses in use at your organization, we have an available custom portlet you can activate called “Show My IP”. It lists the current user’s IP address in an inconspicuous location in ThoughtFarmer.

IP address intranet
An available ThoughtFarmer custom portlet shows the current user’s IP address.

To apply the location-based filtering, see the Admin page “IP content restrictions”. Select the page you want to restrict, and enter a range of IP addresses that should be allowed to access the content. The IP addresses are entered using “slash” notation. At this point, it may be obvious that you need the help of your network administrator to successfully use this feature.

Intranet IP filtering
Restrict access to intranet content by entering a range of permitted IP addresses.

Not an either/or

You do not have to choose whether to use user-based security or location-based security in ThoughtFarmer. You can use them both at the same time. Indeed, for most scenarios, user-based security is more useful and easier to understand.

But for certain applications, location-based security is very useful.

To see what else is new in ThoughtFarmer 6.5 Avocado, join our launch webinar on Wednesday, June 19th.

Comments are closed.