Using Locations

Privakey Passwordless SSO uses network locations to determine whether users will be allowed Single Sign On access to a resource or be required to sign in to that resource even if they have already authenticated with Privakey SSO.

Just what is CIDR

It's a bit technical. CIDR (Classless Inter-Domain Routing) notation is used to represent a range of IP addresses. It allows for more flexibility in defining the size of a network by using variable-length subnet masks.

CIDR notation consists of the IP address followed by a forward slash ("/") and the number of significant bits in the subnet mask. One can use CIDR effectively to define a location, such as an office.

It is easy to think of a CIDR as a neighborhood on the internet. It's just a range of IP Addresses.

Specifying CIDR

Bear with us, this is also technical.

To specify the CIDR notation for your network, you need to determine the range of IP addresses that are part of your network. This range is defined by two main elements: the base IP address and the subnet mask.

The base IP address is the starting point of your network. It identifies the network itself. Think of it as the address of your neighborhood.

The subnet mask determines the size of your network. It helps divide your neighborhood into smaller blocks and identifies the range of IP addresses available for devices within your network. Basically, any router connected to the internet has a CIDR.

CIDR notation combines these two elements to represent your network. How is it specified? It's just an IP address followed by a forward slash ("/") and the number of bits in its subnet mask.

For example, a base IP address could be 192.168.0.0 and your subnet mask could use 24 bits. In CIDR notation, this would be written as 192.168.0.0/24.

The "/24" indicates that the first 24 bits of the subnet mask are reserved for the network portion, and the remaining 8 bits are used for devices within your network. This allows for up to 256 unique IP addresses for devices, with 254 usable addresses since the first and last addresses are typically reserved.

Determining your CIDR

If you're a small business or home office user, it can be challenging to understand what your CIDR is. Here are a couple of ways one can determine it.

  1. If you have a dedicated or contracted network administrator, you should ask them.
  2. Contact your Internet Service Provider. This is perhaps the easiest path to getting your CIDR.
  3. For home users you can often find a representation of it in the admin console of your network modem.

Depending on your source, your network definition may not be provided as a CIDR; instead you will receive an IP address and network mask, such as 138.12.32.4 and 255.255.255.0. It is easy to convert this to a CIDR. The easiest way to complete this conversion is to ask an AI engine or search engine.
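The same conversion can be done locally with Python's standard ipaddress module. This is an added example, not Privakey code: the location names, the Branch range and the matching_locations helper are constructed for illustration and do not describe how Privakey evaluates locations.

```python
import ipaddress

# Constructed sample locations (names and the Branch range are illustrative only).
LOCATIONS = {
    "Main Office": ["138.12.32.0/24"],
    "Branch": ["203.0.113.0/28"],
}

def to_cidr(address, netmask):
    """Turn an IP address plus dotted netmask into a normalized CIDR network."""
    # strict=False clears the host bits, so 138.12.32.4 becomes 138.12.32.0.
    # A malformed or non-contiguous mask (e.g. 255.0.255.0) raises ValueError.
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def describe(network):
    """Summarize a range so it can be checked before it is entered."""
    return {
        "cidr": str(network),
        "first": str(network.network_address),
        "last": str(network.broadcast_address),
        "addresses": network.num_addresses,
        # Private ranges (such as 192.168.0.0/24) are not routable on the internet.
        "private": network.is_private,
    }

def matching_locations(client_ip, locations):
    """Hypothetical helper: names of all locations whose CIDRs contain client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [
        name
        for name, cidrs in locations.items()
        if any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)
    ]

if __name__ == "__main__":
    net = to_cidr("138.12.32.4", "255.255.255.0")
    print(describe(net))
    for probe in ("138.12.32.77", "203.0.113.20", "198.51.100.9"):
        print(probe, matching_locations(probe, LOCATIONS))
```

Reviewing the first and last address before saving a location shows exactly which addresses the entry covers, which catches a prefix that is wider than intended.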

Configuring Locations in Privakey SSO

OK - so you figured out your CIDR and now it is time to configure it in the Privakey SSO Admin portal.

A. Navigate to Locations

  1. Login to Privakey Passwordless SSO.
  2. Click on Admin in the Navigation.
  3. Scroll down to the bottom of the page and find the Locations card.

Admin - Locations

  1. Click on Add New Location

The following form will appear:

New Location

  1. Enter a descriptive name, such as Main Office.
  2. Enter one or more CIDR definitions. Make sure to click the + Button after entering each CIDR.
  3. Configure SSO Behavior for Services. If you want users to log in to a service when at that location even if they are already logged in to the SSO, make sure SSO is not enabled.
  4. Click Add Location.

That's all folks!

If this is just too much

So - determining and defining a CIDR is difficult. If it's too difficult, that's OK. It's optional and you still have a way to refine how your colleagues access certain resources: you can make them log in every time they access a particularly sensitive cloud service everywhere.

What does that mean? Say you have a super critical resource; for example, AWS. You can make sure a user authenticates any time they try to access AWS, regardless of their location. You simply do this by disabling SSO for that service. You can do this in the Default Location configuration.


Version 1.0.0 | 07/26/2023