1

We are a SaaS-based product, but one of the client's requirements is to make our application accessible only on their intranet. Is that even possible?

ChallengeMe

2 Answers

2

Yes, it's possible.

Usually a company will have a border gateway that will NAT every request to the outside world, so every employee inside their network will be seen from outside as having this one IP (or a few, for load balancing). Even if this is not the case and every computer inside their network has a routable public IP, it can be done.

You only have to configure your firewall to only allow that IP (or that range).

If their IP is dynamic, you have to configure a VPN for that. You could create a tunnel between their network and your platform, so nobody outside their network can reach your application.

ThoriumBR
2

This depends on the capabilities of your SaaS.

  • If access can be restricted based on IP addresses you can do what ThoriumBR suggested, i.e. restrict it to the public IP address(es) of the company. This might be sufficient or might not be, since these public IP address(es) might also be used from some potentially compromised system in the company's DMZ, like a compromised public-facing webserver.
  • If direct access from the internet can be switched off completely you can create a tunnel from inside the company to the SaaS. This might be some VPN tunnel, SSH-based tunnel, (m)TLS tunnel using stunnel or similar. Since the tunnel entry is on the intranet and access to the SaaS is only possible through the tunnel, the access is essentially intranet only.
Steffen Ullrich
  • But this approach will block complete access to the application from the internet, as there are many other clients who are happily using it over the internet. – ChallengeMe Jun 12 '21 at 06:05
  • 1
    @ChallengeMe: SaaS just means software as a service, i.e. software instance provided and managed by a third party instead of the customer itself. It does not mean a specific implementation. It does not mean that a single instance is run for all customers (multitenancy) but it might also be implemented as a single independent instance per customer. That's why I said it depends on the capabilities of your specific SaaS product - which is completely unknown. – Steffen Ullrich Jun 12 '21 at 06:28
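Added example, not code from either answer: a per-tenant source-IP allowlist for the multi-tenant case raised in the comments, where one client must be reachable only from its NAT egress range while other tenants stay reachable from the internet. The tenant id, the networks (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy: tenant id and networks are placeholders
# (documentation ranges), not values from the page.
TENANT_ALLOWLIST = {
    "intranet-only-client": ["203.0.113.0/29", "2001:db8:42::/48"],
    # Tenants absent from this map stay reachable from any address.
}


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_allowed(tenant, peer_addr, allowlist=TENANT_ALLOWLIST):
    """Return True if peer_addr may reach this tenant's application.

    peer_addr must be the TCP peer address seen by the edge that
    terminates the connection, not a client-supplied header such as
    X-Forwarded-For, which the caller controls.
    """
    networks = allowlist.get(tenant)
    if networks is None:
        return True  # unrestricted tenant: open to the internet
    try:
        ip = _normalize(peer_addr)
    except ValueError:
        return False  # unparsable address: fail closed
    for cidr in networks:
        net = ipaddress.ip_network(cidr, strict=True)
        if ip.version == net.version and ip in net:
            return True
    return False  # restricted tenant, source outside its ranges
```

A tenant mapped to an empty list is denied from every address, which is the fail-closed result when a restriction exists but no range has been entered yet.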