Score:0

Enforce VPN access to restricted area of our SaaS

us flag

Our Enterprise clients for our SaaS have sensitive data inside their account, and would like to make sure their team are only accessing their accounts on our platform via their existing VPN solutions.

How do we enforce this?

  • IP whitelisting
  • Allow them somehow to set up a VPC to avoid connections going onto the internet? Is this something like AWS PrivateLink?

This is where I quickly get out of my depth.

Ideally, I would be looking for a service where customers can set up the connection from their private network to their account on our SaaS without our intervention. Does such an option exist?

More detail on our setup

Our main SaaS app is a single instance of a Ruby on Rails app and Ruby on Rails API hosted on Heroku.

Users currently connect by logging into the website, where we authenticate via Auth0, which stores the user credentials in their session.

Appleoddity avatar
ng flag
There are many ways to accomplish this. But you haven’t provided enough information about your hosted app to even begin to offer options. Start by clarifying your post and providing enough information about how and where your app is hosted, how clients connect now, etc.
Will Taylor avatar
us flag
Thanks, @Appleoddity - is this sufficient? Appreciate the help!
Score:1
za flag

These SaaSes of yours don't really explain anything, it's like mentioning "I have a computer" all the time.

But judging from my experience, enforcing VPN access is mostly done by implementing IP filters or, if you use Web-applications, by implementing HTTP-based filters in the web servers, returing 403 status pages for clients that attempt to access the application from the outer world.

For nginx it would be something like that:

server {
    my protected.from.outer.world.site;
    listen 80;

    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    allow 172.16.0.0/12;
    deny all;

    location / {
        ...
    }
}

And IP filtering for non-HTTP-based applications and services.

Will Taylor avatar
us flag
Thanks Drookie.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.