Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Security

    Translatable

    Restricting Alma Logins by IP Range

    To configure IP group configuration, you must have the following role:
    • General System Administrator
    You can restrict users from logging in to Alma according to IP address. There are two steps in configuring this feature. First you create IP groups and then you configure login access for these groups. Only these IP groups are then authorized to log in to Alma.
    To restrict login by IP groups:
    1. From the IP Group Configuration page (Configuration Menu > General > Security > IP Group Configuration), select Add IP Group. The Add IP Group pane appears.
      add_ip_group_ux.png
      Add IP Group
    2. Enter the following:
      • Group Code – A code for the IP group
      • Group Name – A name for the IP group that can be changed later
      • IP Version – IPv4 or IPv6
      • IP Match Criteria – A specific IP address or an IP range (two valid IP addresses separated by a hyphen)
    3. Select Add IP definition to Group. The range is added to the group and appears in the table.
    4. You can define multiple IP ranges for each group. Repeat steps 2 and 3 as necessary. To remove a range, select Delete in the row actions list.
    5. When you have finished adding IP ranges, select Add and Close. The IP group is added.
      To edit the group, select Edit in the row actions list. To delete the group, select Delete in the row actions list.
    6. Open the Login Restriction Configuration page (Configuration Menu > General > Security > Login Restriction Configuration). Note that login restrictions are disabled until you enable them on this page.
      login_restriction_configuration_ux.png
      Login Restriction Configuration
    7. Select the IP groups from IP Group whose IP addresses you want to allow login access, and select Add. You can select Add all groups to add all IP groups.
      Once an IP group is selected, all other IP addresses are restricted from logging in.
    8. Select a manager from the IP restrictions manager box (mandatory). This manager receives any messages sent by users when a login attempt is made from a restricted IP address.
    9. Select Enable login restrictions. To save your changes without enabling or disabling login restrictions, select Save.
      • You must select Enable login restrictions for the IP login restrictions to take effect.
      • Users with the General System Administrator role are not restricted.
      • To disable login restrictions at a later time, select Disable login restrictions.
    If a user with a restricted IP address attempts to log in to Alma, the following message appears:
    access_blocked.png
    Access Blocked
    The user can select Contact Administrator to contact the IP restrictions manager configured above.
    To override these restrictions for a particular user, select Disable all login restrictions when editing the user (see Editing Users).

    Preventing Clickjacking

    To control iFrame enbedding options, you must have the following role:
    • General System Administrator

    Clickjacking is an attack that tricks users by showing them an innocuous page that includes real controls from sensitive pages. These controls are disguised through the use of background frames that mask off everything except the control, and the user cannot tell that they are actually clicking on a sensitive function in some other website. This can cause users to unwittingly download malware, provide credentials or sensitive information, transfer money, or purchase products online.

    To prevent clickjacking via ExLibris products, ExLibirs has adopted a policy-based mitigation technique. Now institutions can instruct the browser about appropriate actions to perform if their site is included inside an iframe.

    Modifying this page may break UI integrations from other products. In case of any doubts as to how to use this page, consult Ex Libris Customer Support.

     

    To set the actions to perform if your site is included inside an iframe:
    1. Open the iFrame Embedding Options table (Configuration > General > Security > iFrame Embedding Options). 
    2. For the desired product and component, select Customize in the row actions.

      Alma Management and Esploro Management cannot be framed. This configuration cannot be edited. 

    3. In the Action column, select the appropriate action to perform if your site is included inside an iFrame:
      • Allow all (default option) -  Allow all pages to load this page inside an iFrame.
      • Allow protected - Only trusted pages are permitted to load this page inside an iFrame. If you selected this option, in the Safe Domain column indicate the trusted URLs (no limit on the number of URLs you can specify, list multiple URLs with a blank space between them).
      • Block All - Deny all attempts to frame the page.
    4. Click Save.  
    • Was this article helpful?