Restricting Remote Access to SupportAbility

We recommend configuring the whitelist of allowable static IP addresses in the Remote Access tab of System Preferences to give your organisation control over who has the ability to access SupportAbility outside of your offices. 

This whitelist of allowable static public IP addresses generally represents an organisation's offices or physical locations in which Staff require access to SupportAbility from. Once this whitelist is configured, if Staff Members try to access SupportAbility from an IP address outside of this allowable whitelist, SupportAbility will deny access, unless Staff Members have been granted the Remote Access privilege. 

If this is  not configured, all Staff can access SupportAbility remotely, regardless of the public IP address they use to connect with, and regardless of whether they have been granted the 'Remote Access' Staff Account Privilege. 

Audience: Authorised Representatives, IT Specialist

Privacy considerations

SupportAbility contains very private Client details and depending on the system configuration, those details can potentially be mobile meaning that Staff can access this information outside your organisation.  

It is important that Staff Members are educated to understand what constitutes a safe and acceptable environment to access SupportAbility.  For example, you would not want Staff accessing SupportAbility within a busy café where others may be able to peer over their shoulders to view private client details.  For this reason, it is important to educate Staff and have them sign off on your privacy policy that clearly outlines your organisation's expectations with regards to usage, access, and privacy.  

We recommend that Staff only be granted the Remove Access Staff Account Privilege if they have signed off on your organisation's privacy and access policy, and their job role requires accessing SupportAbility from outside your organisation's offices.

How to restrict Remote Access

SupportAbility does not restrict remote access by default, and if this is required, it must be configured. We understand that many disability service providers do not have dedicated IT staff and so we are happy to assist you to put these restrictions in place. Alternatively, if you do have IT Staff with access to SupportAbility, we will also provide instructions on how to manage the remote access configuration yourself.

Ask us to restrict Remote Access for you

If you do not have dedicated IT staff, we are happy to assist you in restricting remote access to SupportAbility. To get started, please send an email to your IT provider containing the following text and then send us their response:

SupportAbility is able to restrict remote access to their system.  We would like to configure this aspect of SupportAbility for privacy and security purposes:  In order to do this they require the static public (WAN) IP address for each office location. 

Please also inform us if there are office locations that do not currently have a static IP address, as Staff working at these locations will need to have the Remote Access Privilege granted.

Once this information has been received from your IT provider, please forward this via your  Authorised Representatives to support@supportability.com.au for us to configure this for you.  

How to Configure Remote Access

If you have internal IT Staff with access to SupportAbility, or Staff who understand the IP addresses you can choose to configure this via System Preferences. The System Preferences privilege is required to configure remote access.

There is a video in the Administration section of the Learning Centre which explains the Remote Access configuration process or you can use the instructions below:

1. Log into SupportAbility.
2. Click on the System Preferences button in the Main Menu on the left hand side of the dashboard.  If you do not see the System Preferences button, your account has not been given the System Preferences privilege and this will need to be rectified before you continue.
3. Go to the Remote Access tab within System.
4. Click the ' + Add a new IP address range to the whitelist' button to add a new office.
5. Add the Range Name which is usually the office name.
6. If you have a range of public IP addresses you can enter the From IP Address and To IP Address fields to define a range.  However, usually an office has a single public IP address and in these cases, you enter the same IP address in the From IP Address and To IP Address fields.
7. Continue by repeating steps 5 through 6 until you have all of your offices and their public IP addresses registered.
8. Once you have all of your offices added you can enable remote access restriction in SupportAbility by ticking the 'Lock Access To Site IP Addresses Only' checkbox.
   
9. Now the Staff will only be able to access SupportAbility if they are seen as coming from one of the listed IP addresses.  To allow staff to access SupportAbility from outside these IP addresses listed, the Staff member will need the Remote Access privilege granted.