I would like to use IP based conditional access for my users.
In many MFA systems you can whitelist IP adresses in the system so that users logging in from that IP will not be required to use MFA for logon but only their username and password.
Users logging in from other IP adresses are required to use MFA for login.
In this way, users loggin in to i.e. Citrix from their home office have to logon with their MFA, but users inside company network are allowed to login without MFA. I know I can do this with policies on the Citrix Netscaler, but that limits this to Citrix. By doing this directly on the PrivacyIdea server this function will be available for all types of services.
Anyone out there that have done something like this with PrivacyIdea?