IP whitelisting for an organization and API key
planned
Matan Heled
In order to prevent damage in the event of a leakage of an API key, extra security measures are needed.
By whitelisting specific IP addresses for a Port organization, you reduce the impact of a leakage of API keys for an organization.
Adding whitelisting at the organization level and at the API key level will help protect customers' data.
Matan Grady
Merged in a post:
Access to Port will be through a secured VPN
Ameya Gholap
To enforce compliance standards, we need to make sure:
- Users can’t log in unless they are coming from their secured VPN (i.e. their closed set of VPN IPs)
- Users can’t make API requests unless they are coming from their secured VPN (i.e. their closed set of VPN IPs)
Matan Grady
planned
Kieron Wilkinson
Hopefully it helps to add my use case, which I suspect is quite common. I work for a large company in the finance industry. As much as I'm excited about the capabilities Port offers, I don't feel that I can argue for its adoption in the company without this feature.
As with all the other SaaS products we adopt, we need a way to configure Port to only accept traffic from our network egress IPs, so only devices within our network boundary can access our Port instance. Currently it appears that compromising company data from Port is a credential leak away.
Within our tightly regulated industry we need multiple levels of security controls, as well as evidencing that we can protect against both external and internal threats. To do that, we need to ensure we have sufficient data loss protection so that somebody who leaves the company, or even an existing disgruntled employee, has no way of accessing our systems and data by swapping to their personal device. Currently, from what I can see, an employee on our instance would be able to generate an API token (https://docs.getport.io/api-reference/port-api#authentication), type that into a personal device and use it to access company data off network.
Matan Grady
Kieron Wilkinson your concern is clear, we will look into this possibility in the future.