To enforce compliance standards, we need to make sure:
- Users can’t login unless they are coming from their secured VPN (i.e. their closed set of VPN IPs)
- Users can’t make API requests unless they are coming from their secured VPN (i.e. their closed set of VPN IPs)