Is it possible to restrict access to individual SharePoint Online sites (or site collections) to users only connecting when on the corporate network?
Hi,
We have an Office 365 environment which is linked to our on premise ADFS environment. We have started to make some deployments of sites to our SharePoint Online environment. For the majority of sites this is great and the ability to access the sites
from anywhere is a real bonus. However, there are some sites and data that I would be much more comfortable in migrating to SharePoint Online if there were a way to make them only accessible via users/computers connected to the corporate network.
I have seen articles in how you can configure ADFS to allow all connections to the Office 365 tenant only from the network or not but what I am after is something which can be configured on a site by site basis (i.e. not the whole Office 365 environment
or SharePoint Online environment) to only allow access when connecting from the corporate network.
Any advice/help would be much appreciated?
Many thanks
Paul
Hi,
This is the forum to discuss questions and feedback for Microsoft Office, the issue is more related to SharePoint online, I recommend you post your question to the Microsoft Office 365 Community Sites and document sharing Forum
http://community.office365.com/en-us/f/154.aspx
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Thanks
George Zhao
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click "[email protected]"
Similar Messages
-
Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?
you might be able to block it if the app uses Internet access
and depending on your wireless you might be able to block a specific user
accessing the backend host that the app uses
some firewalls offer application filtering but I'm not aware of any that work with ios apps -
recently bought a samsung NX30 camera which came with lightroom 5, after several hours of googling i got it setup properly with the correct camera raw to be able to access my raw images. I found my old laptop was very slow when processing the hundreds of images I usually take on a weekly basis. I bought a new faster laptop but when I looked for the cd with the software and serial I could not find it in the Xmas clutter. I downloaded a trial version of lightroom and got it working on my new laptop. Is there a way to access the serial number from my previously installed version and insert it into the trail version to make it work for me?
MyronMea culpa
While i registered all my cs2 thru 6 versions and my lightroom 2 thru 4 versions and recorded the serials and saved the adobe registration emails. Since this came as a freebee with the camera i neglected this vital step. I have the instslled version on my old laptop but want to install it on my new one. Thanks to Jim Hess I got the serial so all is well in my world and I will register it with ADOBE
Myron -
when watching a slideshow I could always access music from my iTunes folder. Suddenly today I can only hear music under the 'theme' tab. I can see my music in iTunes but when I double click on it nothing happens!
In iTunes go File -> Library -> Organise Library -> Reorganise Library.
Then quit and restart iPhoto.
Credit to user keysandfood who figured that one out. -
Visio Web Access Refresh in SharePoint Online 2013
I'm trying to pull in SharePoint Online 2013 List data into a Visio Pro 2013 diagram and then serve the diagram into a SharePoint Online Page under a Visio Data Access Web Part.
I have no working knowledge of Visio, but made a data connection and presented SPO list data on my diagram. But the data appears to be static when deployed to the Visio Access Web Part - even when I manually refesh. I think, I'm not correctly
adding list fields to my document.
I've set refresh rates on both the document and the web part, but neither help.
For a demo I want to show a single list field - nothing fancy.
Possible to have dynamic data from an SPO List hosted in SPO?
Any way to filter which row is sent from through a URL Query string?
How?Hi ,
Per the following article, the data sources will be disconnected and can't be refreshed after the Visio is published to SharePoint.
"You can publish PivotDiagrams or Timeline diagrams to SharePoint, but they are disconnected from the data sources and can’t be refreshed."
http://office.microsoft.com/en-001/visio-help/save-diagrams-to-sharepoint-HA102749359.aspx
And also I would suggest you post in Office365 SharePoint online forum for a better assistance regarding this issue through the following link.
http://community.office365.com/en-us/f/154.aspx
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Daniel Yang
TechNet Community Support -
Hi,
I have a requirement in which I have to assign couple of email ids to the "Manage Access Request" field to process site access requests. And, this is possible using server object model but I have to achieve this on SharePoint Online with the help
of CSOM.
There are two properties which control the access request configuration, first is "RequestAccessEnabled", a Boolean flag which turns on or off the access request feature for the site. The second property defines one or more email addresses where
requests will be sent to. It is named "RequestAccessEmail".
The above both properties are available for server object model but not for CSOM.
So, is there any other workaround or way to achieve the sane in CSOM?
Thanks,I don't think there is a programmatic workaround for SharePoint Online. But the email address is just used for Notification. Anyone with Manage Permissions can approve Access Requests. If you create an email distribution list for the multiple
addresses that should be notified you should be able to add the email address for the distribution list into the Access request email field using the user interface.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
Hi guys,
This problem showed up a few days ago. Even though I have turned on the 3G and the cellular data, my phone tells me there is actually no connection. But the network indicators shows a maximum network. I went to the genius bar and they fixed it by restoring the phone and it started working again. Then I restored it at home with my back up. Today, it started again: network issue. And the problem does not come from the network (I have tried my sim on another iphone with the same carrier). It really does come from the device.
Any ideas ?
Many thanksHello
According to iTunes: About iOS backups http://support.apple.com/kb/HT4946
Yes it saves,
"App Store Application data including in-app purchases (except the Application itself, its tmp and Caches folder).
Application settings, preferences, and data, including documents."
Cheers,
Lima -
Restricting access to system queries
Hi experts!
Is it possible to restrict access to system queries (in SAP reports) for a particular user?
Also, can we restrict inventory reports generated to a certain item group only for a particular user? example: item groups available are Spare Parts, Raw Mat, WIP & FG. The user should only be able to generate inventory reports concerning Spare Parts.
thanks.
regards,
tessaHi Tessa
You can restrict Access to System Queries by providing NO AUTHORIZATION to the option Saved Query - System.
The same can be set under
Administration --> System Initialization --> Authorizations --> General Authorizations --> Reports --> Query Generator --> Saved Queries - System
Hope this helps.
Regards
Rohan S. Kamble -
Restrict Access to Page Using a password.php Instead of Server Behavior
I previously used "log in" and "restrict access to page" server behaviors for my client portal when I only had one client. I had my username and password stored in mySQL database. I recently have gained more clients that all needed to be redirected to their own customized landing page when logged in. Because of this, I used a password.php to store the usernames and passwords and to redirect to different pages. Now, I am wondering how I can restrict access to these pages (i.e. someone won't be able to access the pages by typing the url) since I will not be connecting to a database anymore.
I'm also confused by your statements.
>Now, I am wondering how I can restrict access to these pages
>(i.e. someone won't be able to access the pages by typing the url)
>since I will not be connecting to a database anymore.
It doesn't matter where you store the credentials - database or php file - the techniques for restricting access will be similar. I really don't understand why you moved away from the database when you got more clients. The more data you need to manage, the more reason to store it in a database.
After logging in, most sites direct users to the same page, yet pull user specific data from the database. If for some reason you can't do this and need to built individual pages for each client, then store the 'landing' page for the client in the php file or database. Restrict access to each page by comparing the logged in name with an allowed login name. Or a more dynamic approach would be to dynamically pass the page name to a database query that validates that it's ok for the logged in user to access.
Also, these questions are more appropriate for the app dev forum. -
Grant access to individual content
Hello,
I'm currently implementing a UCM solution and I came upon a customer requirement that I don't even know if it is possible to implement with UCM.
I will try to explain by giving an example:
The company has 2 Departments: Department 1 and Department 2 and for each department it was created a Security Group.
SG_DEP_1 for Department 1 and SG_DEP_2 for Department 2.
The company also has 2 users, one for each department, with full accesses:
BOB_1 has RWDA to SG_DEP_1 and EDDIE_2 has RWDA to SG_DEP_2.
Each user can manage its own Security_group, but what happens if BOB_1 needs to show a document to EDDIE_2 (example: for asking EDDIE_2 for an legal advice on a given document). Could BOB_1 grant read access to EDDIE_2 on that specific document ? (I'm not talking about granting access to SG_DEP_1, just the document).
Note: in my specific projects, there are at least a dozen Departments, each tightly secured, but with needs to show 'some' content on a daily basis. What the customer really needs it the hability to specify access permissions individually on each content item (groups or specific users).
How would you implement such a use case? I'm starting to consider the possibility on having to implement a BPM, or something like that to provide this level of control.
Thanks
Luís Duarte
Edited by: user10359998 on Sep 25, 2008 4:19 AMHi!
In the HowtoComponents, there is a component named "SecurityFilter" :
"This component demonstrates how to use the 'alterUserCredentials' filter to temporarilly boost a user's security privileges for one request. This filter is useful for dynamicly granting accounts and roles for specific service requests, or for specific users." quoting the readme of the component.
You can download it there : http://www.oracle.com/technology/products/content-management/ucm/samples/index.html
Hope it helps!
romain. -
Restricting Access only for APPS account using SQLNET
Dear Friends,
Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
please help.
Thanks.Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.oraNo (and even if it exists, I believe this does not fix the main issue with the apps password which could be cracked again).
The proper way would be changing the apps password and meet the security requirements in these docs.
Secure Configuration Guide for Oracle E-Business Suite 11i [ID 189367.1]
Secure Configuration Guide for Oracle E-Business Suite Release 12 [ID 403537.1]
FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1
Thanks,
Hussein -
Restricting category for individual users
Hello,
This is probably a stupid question but I have googled and googled it and can't figure out the answer. We just started using FDM and currently I am the only user. I am setting up additional user accounts and would like to restrict their access. I was able to set up the new users in User Maintenance, set the access to Intermediate-3, and restrict their access to one location.
I am having issues figuring out how to restrict access to Category. We have multiple categories like Budget and Actual but I would like to restrict the other users access to just Actual. Is it possible to restrict access to category by user?
Thanks!Not a silly question. If you only have a few users, the simplest option is to use the "Global" setting on the Point of view. this prevents the non-admin users from changing the period or category in the Point of view which can only be amended by an admin user. (A Limitation of this (Needs confirming) is that if you are working on a different category when a user signs in, that is the category they would have access to)
A second option may be to have each user have their own location (assuming they are posting to different target entities), and then use the POV lock but that is a bit more maintenance as you would need to lock the Current Point of View base don location/period/category that you wish to restrict.
Both the above are explained in the admin guide
a third option would be to amend the Category adaptor script so for each user only the category(s) they are entitled to use are displayed (Rather than hard-code each user you may wish to hold the user / category details in a special location / mapping table that only an adminstrator can access)
a fourth option (similar to the third) might be to do something similar in an event script. I haven't used them but there is a Securitychanged event script and a POVChanged event script which might do the job. -
ToJSONString Showing Up in Restrict Access to Page List
Working in DW CS3 with ADDT using PHP and MySQL. I'm having a issue which I don't think I had before when I use the Restrict Access to Page server behavior. I'm working with user access levels pulled from the 'levels' field in my database and everything appears to be working as expected. I can select any number of available integers to restrict access to those pages. However, I've noticed that if I go back to edit that list of access levels, a new entry appears below the last integer in the list called "toJSONString". (toJSONString does not show up when I initially add the server behavior, only if I go back in to change it).
I did a quick search and turned up this info:"The JSONString interface allows a toJSONString() method so that a class can change the behavior of JSONObject.toString(), JSONArray.toString(), and JSONWriter.value(Object). The toJSONString method will be used instead of the default behavior of using the Object's toString() method and quoting the result." Unfortunately, I don't understand any of that.
I don't know why toJSONString is showing up in the list and if I should be concerned. (Mac OS 10.5.5; DW CS3 (v( Build 3481] and ADDT 1.0.0)tyler4iq wrote:
> OK. I'm trying to authenticate users through a log in
page, but it always fail.
It's a known bug in MX 2004:
http://friendsofed.infopop.net/2/OpenTopic?a=tpc&s=989094322&f=8033053165&m=324102421
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/ -
Federated identity and Visual Studio Online - Restricting Access
Hi,
Using federated identity, can I restrict access to Visual Studio Online only from the corporate network, the same way I can with office 365? If so anyone know what claim rules should be used. Going further can I restrict by client certificate?
ThanksHi PMLIO,
So the answer to your question is a mixture of both yes and no, depending on the level of restriction you desire.
VSO has deep integration with Azure Active Directory, which allows you to restrict access to your Visual Studio Online account to only users who exist in your corporate directory.
This page details more about this support and how to enable it. If you remove users from your Azure AD directory (which can be synced with your on-prem directory), they will lose access to your Visual Studio Online account automatically, without you
having to manually remove them from the account. Will that fulfill your requirements?
We currently don't support a scenario where only users who are connecting to Visual Studio Online from a corporate network are permitted to access your account. If that's something you need, we recommend an on premise deployment of Team Foundation Server.
We'd certainly welcome a feature suggestion on the
Visual Studio Uservoice to add support for this in Visual Studio Online!
Client certificate authentication falls into the same bucket as above: Visual Studio Online doesn't support client certificate authentication. There's a
UserVoice suggestion about supporting SSH auth that's in a similar vein, so it's definitely something we're hearing desire for.
Let me know if you have any more questions!
Regards,
Will Barr
Software Engineer | VSCS Developer Identity -
Need to restrict access to multiple servlet applications on same box
Hi!
I have deployed two separate servlet applications to the same IAS. I need
to restrict access to each application - that is requests from one source
should only have access to one application and not the other. The web
server we are using is IIS.
Should I create a separate IAS to deploy the second application to? Can I
restrict based on IP - that is port 80 is reserved to application 1 while
port 81 is restricted to application 2? If so, how do I go about this? It
appears that the web connector only receives on one port (default 80).
Any help would be greatly appreciated.
SheilaI see. So do you mean that I can override the port number in the proxy startup script itself? I can try doing that and see if it works fine.
About Coherence 3.7, yes. I did see that it has some cool features about proxy discovery. But at this point I am stuck at using 3.6 and 3.6.1.
Edited by: online19 on Jun 29, 2011 5:41 PM
Maybe you are looking for
-
My USB port doesn't detect my external hard drive. What could be wrong? (WD My Passport for Mac)
My Passport for Mac originally worked and I was easily able to download files. It even worked on my MacBook Pro. Now, when I attach this external hard drive and open Finder, the external drive is not there. I've run Disk Utility. I've shut down, hit
-
How do you upload into PSE 10 the library from PS Album Starter 3 that is locked?
-
I don't know how to design the New Email prompt
Hello: Now I want to create a my corporation home page in EP. I have integrate Lotus Notes email into Enterprise portal by creating a Lotus Notes Iview. but I want it can prompt You have a new E-mail the same as when the Lotus Notes
-
Help! Slideshow properties not working with multiple albums
Hi, The album properties in the slideshow creator doesn't seem to work in the case of multiple albums in one slideshow. When I add an album description and a thumbnail for a particular album, the info is lost when I add similar information to a subse
-
Can I use Photoshop Elements 10 for RW2 files used by Panasonic?
Can I use Photoshop Elements 10 for RW2 files used by Panasonic? Message title was edited by: Brett N