Does SWOOP provide a mechanism to restrict based on IP address?
SWOOP applications are provided as SaaS instances as a multi-tenanted app. SWOOP therefore cannot provide a native/general way to restrict access based on an IP address. This, however, can be achieved through Azure configuration at customer end. The purpose of this document is to show how customers can achieve IP access restrictions as a workaround at their end.
Configuration
The configuration can be achieved by going to the Entra → Enterprise App and search for the SWOOP Analytics login app. On the left hand side there is a section called “Conditional access” and create a new policy with the following settings
-
Add All Users.
-
Add a Network rule (on the left) and you get the panel (on the right), for ‘Include’ choose All networks and locations (Not visible in the screenshot).
-
For the Exclude (shown in the screenshot), choose either “All trusted networks and locations” or “Selected networks and locations” (in this case ‘custom network/location’ was selected which was marked as trusted. Either would work).
-
Then select “Block access” in the Grant section.
-
Select ‘On’ in ‘Enable policy’.
Pro Tip: Use the “What If” tool at the top of Conditional Access to check the rule before it is actually used.