Access control is one of the security measures that can be managed by the administrator based on the organization’s security policies. In Backlog, you can restrict access to the Space to only allowed IP addresses. For example, the Space can only be accessed from your office or certain IP addresses.
On top of this, you can enforce two-factor authentication for login within your Backlog space, so every member will need to set up and use two-factor authentication when logging in to the space.
To access the access control settings page, go to Space Settings > Access Control.
IP address restrictions
To limit access to only registered IP addresses, add in the IP addresses allowed to access the space and click Submit to apply the changes.
“Your IP address [IP address]” stated in the red wording sentence refers to your current IP address that you are accessing from. If your current IP address is not on the list, you will not be able to access Backlog from your terminal.
If no IP address is set (leaving the fields blank), access restrictions will not be set, and members can freely access the Backlog space from any IP addresses.
Useful tip!You can specify the range of the IP with the subnet mask. For example, inputting 22.214.171.124, 126.96.36.199/24, 188.8.131.52 / 255.255.255.
Did you know?
- The IP address restrictions feature is available in the Standard plan and higher. The maximum limit of IP addresses varies for each plan accordingly:
- Standard plan: 50
- Premium plan: 100
- Enterprise plan: Unlimited
- When setting up the IP address restrictions, remember to include your current IP address to prevent any access failure after implementing the restrictions.
If you cannot access your Space after setting up the IP address restrictions, please contact our Customer Support team.
Removing access control
To remove IP address restrictions, select X to delete the specific registered IP address and click Submit to apply the changes.
When you have removed all the registered IP addresses, a warning will be displayed to notify that the Space can be accessed from any host/IP address. Click Submit again to apply the final changes.
Enforced two-factor authentication (2FA)
Administrators can enforce two-factor authentication (2FA) for every member when they log in to the Backlog space. If 2FA is enforced in the Space, members will not be able to log in without setting up 2FA for their accounts.
To enforce 2FA, click on the box for “In order to login this space, Two-Factor Authentication is required” and click Save to apply the changes.
Did you know?The enforced two-factor authentication login feature is available only in the Premium plan.
When you have enforced two-factor authentication in the Space settings, it will also apply to the following functions:
- Access to Files (via browser preview and WebDAV*)
- Access to Subversion HTTPS
- Access to Git via HTTPS
- Access to RSS
To access these functions after 2FA is enforced, members are required to use special passwords generated from Backlog for authentication.
However, two-factor authentication does not apply to the following functions:
- Access to Git via SSH
- Access to API using API key
- Import to milestone calendar using private address
*WebDAV is a data transmission protocol which enables web folders to be accessible from your local computer. For more information on using WebDAV/web folders on Backlog, see the Manage files via Windows Explorer or Mac Finder support article.
Common scenarios/errors after two-factor authentication is enforced
- Members are unable to access the Backlog space
If a member who previously disabled two-factor authentication where the administrator has now enabled the setting for all users, they will see an error page informing them that two-factor authentication is required.
To resolve this, click on Please enable Two-Factor Authentication from here, and it will redirect the member to their Nulab Account settings page to set up 2FA.
- Members are unable to access Files, Subversion, Git, and RSS
After enforced two-factor authentication is enabled, members cannot use their normal passwords for basic authentication when accessing Files (via opening in browser and WebDAV), Subversion, Git (HTTPS), and RSS. When the member is accessing these functions, they are required to use special passwords generated in Backlog for authentication.