cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to restrict BTP access by IP Address?

SAPSupport
Employee
Employee
0 Kudos
94

Dear SAP Team

we have a requirement to handle SAP BTP Launchpad access in below scenarios

As BTP Public cloud is internet based application, is there a way to restrict users?

Scenario is 

  1. if users are in office with in my Company IP range, then no need MFA authentication, they can directly login
  2. if users are using BTP launchpad remotely, then MFA should kick in. as the IP's they are accessing is out of our company IP Range,

------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

Accepted Solutions (1)

Accepted Solutions (1)

SAPSupport
Employee
Employee
0 Kudos

Hello,

Thank you for the question!

As this fits into a how-to question, we must proceed via this SAP Community post as this is the correct channel for such questions.

--Symptom--

Is it possible to restrict access to BTP via IP address?

--Environment--

SAP BTP

--Research--

  • Search Terms: BTP restrict access IP
    • 3347865 - Is it possible to restrict platform access to Business Technology Platform (BTP) Global Accounts or subaccounts by IP?

--Solution--

As of now, this is not possible.

But there are alternatives to secure your environment, as described at 3347865 - Is it possible to restrict platform access to Business Technology Platform (BTP) Global Accounts or subaccounts by IP?

Wishing you have a nice week ahead! 😊
Vini
SAP Support
BTP Integrations & Foundation Services | BTP Foundation Technologies

Answers (1)

Answers (1)

dyaryura
Active Participant
0 Kudos

Hello

I wonder why IAS authentication rules are out of the table for this scenario

https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/add-new-authentication-rul...

I Understand that from a technical standpoint a network restriction is different from an authentication restriction but based on the initial requirement I'd say that auth rules in IAS should be a good option considering the outbound public IPs used for internet access in your company