To respond to @YumaHase
With federated single sign-on for SAS Customer Intelligence 360 (CI 360), the customer's identity provider (IDP) is the source of authentication. Yes, the customer can restrict authentication to only specific IPs or networks if the customer is using an IDP vendor or technology that provides this capability.
This IP restriction would only restrict the IP addresses that authenticate through SSO federation, In other words, IP restrictions would only apply to users of the customer’s CI 360 tenants that are managed by the customer’s IDP. If tenant admins have authorized users that are not managed by the customer IDP (for example, SAS employees or other outside consultants/contractors), those users would not be required to adhere to any IP or network restrictions. The IP restriction only applies to the IPs that access the customer's IDP and not all of the IPs that access CI 360. No IP restrictions are implemented or enforced by SAS personnel or the CI 360 systems. If you are referring to the possibility of using a VPN for on-premises, agent-based access to CI 360, the current architecture does not support using a VPN nor the ability to restrict access to specific IP addresses.
... View more