Restricting Access Based on Geolocation

warning

This feature is applicable only if users attempt to authenticate their applications through QR or push notifications.

Controlling access based on geographic location is one effective way to protect web applications from unauthorized access. 1Kosmos lets organizations manage access using geographic location, which helps protect their applications from malicious actors while ensuring access is granted only to legitimate users.

Community administrators can set a maximum distance from a user’s trusted location within which login is allowed. If a user tries to log in from outside this defined distance, access will be denied. For example, if the user’s mobile location is within 100 meters of their trusted location, access will be granted; otherwise, it will be blocked. This can be set up using the rule engine, which allows you to create location-based rules using data from the user’s mobile device.

Setting Up Geolocation Based Restriction

The community administrator must complete the following prerequisites before configuring the Geo rule:

  • Make sure that the end user has enabled location on their mobile device.
  • Store each user's trusted location in an AD attribute.
  • Map this AD attribute to the BlockID attribute (trustedLocation).
    note

    The expected format of the trusted location data is as follows:

    [
      {
        "lat": 40.7129,
        "lon": -74.007
      },
      {
        "lat": 39.7514,
        "lon": -105.0211
      }
    ]
note

If the AD attribute does not carry the trusted location in the required format shown above, a transformation script can be added at the broker level to convert the data into the appropriate format. You can reach out to your 1Kosmos customer representative for assistance.

Configuring Geo Location Rules

To define the geo location rules, follow these steps:

  1. Log in to your tenant as a community administrator.

  2. Navigate to Authentication > Adaptive Authentication.

  3. In the Add new adaptive auth journey drop-down menu, click Add new geo based restriction.

  4. In the Geolocation Based Restriction page that is displayed, configure the rule based on which the access to the application will be granted to the user.

    | Field | Description |
    | --- | --- |
    | Journey Name | Specify a journey name for the rule. |
    | Enabled | Move the slider on or off to enable or disable the rule. |
    | Conditions | |
    | Mobile location and Allowed location is not within range of <x> meters | Specify the maximum allowed distance between the user's mobile location and their allowed location. If the distance between the two locations is outside this range, access will be denied. |
    | + Add another | Click this button to add a new row to specify a condition such as User(s), Groups, and so on. |

  5. Click Save.

If a user tries to access an application protected by 1Kosmos from a location outside the allowed distance from their trusted location(s), they will receive a message indicating that access has been denied as seen below.