Restrict User Login Out Of Premises

I want to disable some users login out of office premises.
How can I do that.

Hi @megha007,

I think, that for use Restrict IP in User.

Please check its documentation.

Thank You!

If I set the IP it is restricting me to login from anywhere, But I want if I set IP user only can login from this IP. Got it ?

So you can set user-wise IP according.

If you set the office IP then the user will only access for office but when the user is out of the office and use his own internet then will not access the desk.

There is the only way to manage your system.

How can I set user-wise IP according? Please tell me

Please check it.

Restrict user from this IP address only
If I set my office IP, it is not permitting that user to login anywhere in the system.


Even not in office network.

if users log in with an office network IP then they use only the office.

Please try and apply it and check it. Then you will understand the concept.

May be you are right. But When I set office IP network, it is not permitting that user to login anywhere in the system even not in office network.

Office IP checks for the first log-in with the office network. After then log out of it.

When logging in with the office network the last IP shows in the security section.

1 Like

You need to use the Public IP of your office network and not the local IP address. Also, make sure that your office has a static public IP, otherwise your public IP will change frequently and your user will not be able to login even from the office due to change in the public IP.

No one wrong here and no is right too.

Actually, disabling by IP address is always tricky.
First because IP address keeps changing, until a leased line with fixed IP is secured in office.
Second, which IP address? Your ERP setup is looking at which IP.

Even if You have fixed IP address, depending on your office network setup, routing on internet or even setup of ERP implementation (multitenant, docker, distributed architecture) you have to make sure which IP is going to hit the erpnext. Besides is it same for all or different for everyone.

So in nutshell, a unrealiable solution.

What I suggest is figure out a way say 2 FA, token generation, ldap auth, vpn etc which works only internally for this restrictive login access.