Working from home is increasingly part of our working lives, but the IP restriction on your administrator login can complicate this.
The restriction is there for additional security - mainly to limit access to your working location - and is generally effective because most working locations have a fixed and known IP address, or a small range of addresses.
So what do I do if I need to work remotely?
We've updated the login to instead of just saying that you can't sign in from that location to trigger a process to temporarily enable the IP address you are at:
Copy the code from the email into the box and you'll be signed in. That IP address will be accepted on your account for 5 days.
This is likely to be sufficient in many cases, but there are some more permanent options:
If your organisation has a VPN option that includes proxying the IP address, using that will require no changes to your OpenAthens login as you will still appear to be in the office. VPNs can sometimes have concurrency limits, or slow down when multiple people are using them though, so might not be able to handle situations where an unusually high number of people are working remotely.
If your home internet connection has an unshared 'static' IP address (one that doesn't change) then you can add it to your account without any concern. If you are in this situation you are probably already aware of it as it is usually an option at additional cost, but your internet provider will be able to confirm that.
In most cases your IP address at home is not only variable, but there can be many other homes behind the same address (don't worry, it doesn't mean they can access your devices).
Your internet service provider will be able to tell you the IP ranges that could be assigned to you, but you can also define them by hostname - e.g.
The easiest way is to perform a whois lookup on your IP address. Start by looking up your IP address as described on the right of this page and copy it.
Now search for 'whois' and pick one of the results. The page should give you a box to paste your IP address into. It will then lookup information about it. There are two lines you're interested in.
If there's a line saying 'resolve host' then replace everything before the first . with an asterisk - e.g. change
host-89-240-137-40.myisp.net to be
*.myisp.net and pop that on your admin login as described to the right.
If there's no resolve host line, look for the inetnum line. This will probably says something along the lines of
22.214.171.124 - 126.96.36.199 and you'll need to enter that in the admin area as
120.98.0-255.0-255 (the ranges need to be within the octets).
Entering a range can cover a surprising number of connections though, potentially as many as all of that provider's subscribers.
Whilst not recommended, it is possible to remove the IP restriction entirely. Whilst this is the least secure option, it is not "no security at all" as there is still the username and password. This should only be used where other options are unavailable or impractical though.
To enable any IP address in the world, add
0-255.0-255.0-255.0-255 to the list of addresses
How to look up your IP address
In almost any search engine, enter IP address as the search term. The few that don't display your address will list services that will.
It will look like 4 numbers between 0 and 255, separated by dots:
How to add an IP address to your administrator login
It is best to do this yourself, before you need to sign in from the remote location.
- In the administration area, click the my account icon at the top of the page
- Go to the permission tab
- Edit the authorised address and save
You can enter IP addresses, ranges and hostnames. Wildcards can be included, but not CIDR notation. Your current IP address is displayed below the box - handy if you have signed in using the emailed code and want to make that address more permanent.
For more detail about your administrator login and organisation account, see: About Organisation accounts