Whitelist Access to SaaS Tools
SaaS tools are taking over.
Long gone are the days when employees had to have dozens of tools installed directly on their desktop, clogging up memory and slowing down computer performance. IT professionals no longer have to go from desk to desk to install programs and check for updates. With SaaS tools on the rise, more and more productivity and workplace tools are hosted by third-party providers directly over the internet.
Just about any software your business needs is available as a software-as-a-service application. What are some of your favorite tools?
- There are communication tools like Slack, Webex, and Flock. These allow teams to chat with each other throughout the day, host meetings, and share files and notes.
- Project management tools like Jira, Confluence, and Airtable make it easy to keep track of projects, collaborate on work, and get insight into performance and analytics.
- There are file-sharing tools like DocuSign, Google Drive, and Dropbox that provide a way to store, synchronize, and share files, and procure secure electronic agreements.
- On top of all that, there are security tools like Authy, Bitwarden, and OpenVPN Cloud. These tools offer security ranging from password storage and multi-factor authentication to encrypted, remote access.
However, because SaaS tools are hosted over the internet, additional steps have to be taken to ensure only authorized entities can access those resources. Because of this, many IT professionals turn to whitelisting.
OpenVPN Cloud For SaaS
IP whitelisting is a commonly used security feature that allows you to determine exactly who can access specific resources. With whitelisting, you simply create a list of approved IP addresses, and only those addresses (or ranges) can access your resources — including your SaaS tools.
On top of that, using OpenVPN Cloud greatly improves network security. Making the whitelisted IP address the only access point to your SaaS tools enforces that access is authorized and arrives over encrypted traffic. By setting this up, you protect data in transit, and you gain better visibility into your network, such as monitoring and auditing. This gives you important clarity for security-critical events. And with OpenVPN Cloud, you don’t need to approve items in the budget for capital expenses because you eliminate up-front costs of servers.
IP whitelisting without a VPN is difficult because you would have to create a list of all the IP addresses for all the contractors, and their IP addresses could change, which makes the list time-consuming to maintain. When a VPN is used, all the traffic enters the VPN first and then exits the VPN to reach the SaaS provider. NAT can be used to change the source IP address of the traffic reaching the SaaS provider to that of the Internet Gateway. Instead of a whitelist of many IP addresses, only the IP address of the VPN’s Internet Gateway needs to be in the whitelist.
When someone leaves the company, it might take time to deactivate all their accounts in various SaaS tools, and there is a risk that some account deactivations might be missed. With the VPN Internet Gateway’s IP address serving as the whitelist, only that person’s VPN access needs to be disabled, and you can rest easy knowing access to all the whitelisted SaaS tools is no longer possible. The SaaS accounts can be deactivated later, after disabling the VPN.
Cloud In Action
Consider a startup headquartered in San Francisco, California. Many of the team members are 1099 contractors working from their homes all around the world. They work from their own laptops and cell phones to complete their assigned tasks. Their devices are all different brands and ages and with wildly different computing capabilities. To prevent any issues from arising, like some team members not being able to download specific tools on their computer, the company shifted all their primary services over to SaaS providers. Now, as long as the team has reliable internet access, everything they need is right at their fingertips.
With contractors connecting from so many different locations, the IT director knew it was crucial to ensure their internet traffic was secured and encrypted. And with all of the tools being shifted to SaaS, he also wanted to ensure that the resources were secure so that only authorized users could gain access. He decided a VPN was the best route to go, but didn’t want to manage, install, or maintain VPN servers. In addition, he wanted to use IP whitelisting to curtail access to the SaaS tools so that they could be accessed only through the encrypted VPN tunnel. He chose OpenVPN Cloud because it fit all his needs.
Setting Up Cloud For Whitelisting to SaaS
The IT director completed the OpenVPN Cloud signup process. He set up his new, private VPN to accept and route Internet traffic by configuring one of his Networks as VPN Egress. He then restricted access to SaaS-based applications on the public IP address of the Egress. Here is how you can do it too:
- In OpenVPN Cloud Admin Portal, create a Network named ‘Internet Gateway’ for use as the VPN Egress. (See: How to add a Network and Adding VPN Egress)
- Install a Connector from the ‘Internet Gateway’ Network on a network server to route Internet traffic. Enable routing for the server. (See: Connecting Networks to OpenVPN Cloud Using Connectors)
- Set up Internet routing for connected users to ‘Split Tunnel OFF’ so their internet traffic also enters the encrypted VPN tunnel. (See: Changing User Group’s Internet Access)
- When users are connected to OpenVPN Cloud, the public IP address of their device matches the public IP address of the Connector instance.
- Whitelist that IP address in the SaaS applications and restrict logins.
- Add more employees as users using their email addresses.
For more detailed steps and imagery, take a look at our set-up guide to provide whitelist access to SaaS tools with OpenVPN Cloud.
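Once the whitelist is in place, the SaaS login logs can confirm that it is actually enforced. The following is an added example, not part of the original article or of OpenVPN's tooling; it assumes a hypothetical four-field log format and a documentation-range placeholder for the egress address, and it flags successful logins that did not come from the whitelisted VPN egress IP.

```python
import ipaddress

# Assumption: the SaaS allowlist contains only the VPN egress address.
# 203.0.113.10 is a documentation-range placeholder, not a real gateway.
ALLOWLIST = ["203.0.113.10/32"]

# Constructed sample events in a hypothetical format:
# timestamp user source_ip result
SAMPLE_LOG = """\
2024-05-01T09:00:12Z alice@example.com 203.0.113.10 success
2024-05-01T09:03:40Z bob@example.com 198.51.100.77 success
2024-05-01T09:05:02Z carol@example.com 198.51.100.23 denied
2024-05-01T09:07:55Z dave@example.com not-an-ip success
2024-05-01T09:09:31Z erin@example.com 203.0.113.10 success
"""


def audit_logins(log_text, allowlist):
    """Return (user, source, reason) for events that contradict the allowlist."""
    networks = [ipaddress.ip_network(entry, strict=False) for entry in allowlist]
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _timestamp, user, source, result = fields
        try:
            address = ipaddress.ip_address(source)
        except ValueError:
            # A login with no usable source address cannot be tied to the egress.
            findings.append((user, source, "unparseable source address"))
            continue
        allowed = any(address.version == net.version and address in net
                      for net in networks)
        # Denied attempts from other addresses are the restriction working;
        # a success from outside the allowlist means it is not enforced.
        if result == "success" and not allowed:
            findings.append((user, source, "successful login outside allowlist"))
    return findings


if __name__ == "__main__":
    for user, source, reason in audit_logins(SAMPLE_LOG, ALLOWLIST):
        print(f"{user} {source}: {reason}")
```

A finding for a successful login from another address usually means the restriction was not applied to that SaaS application, or that a second login path (for example an API token or SSO route) bypasses it.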