There are times you may want to restrict where your students can view their training. In Schoox you can do this per course for each defined unit in your academy. You can restrict access by IP address or physical address. Please check the following article for some details on how to set up the Location Restriction: How can I restrict access to training based on location?
|IP address||Physical Address|
|Academy Admins can set up each Unit with multiple IP addresses (IPv4 and IPv6), either default IP addresses or Classless Inter-Domain Routing (CIDR). Provided IP addresses are stored in our DataBase.||Academy Admins can set up each Unit with one Physical Address. Schoox validates the provided Physical Address using the Google Maps API. The Google formatted Physical Address, the Latitude, and the Longitude are stored in our DataBase.|
But what checks are performed in order to grant access to a course?
Check #1: Once an hourly worker accesses his course, Schoox checks if the user belongs to the Units where the Course has the Limited Access function enabled.
Check #2: If Check #1 was successful, we can proceed with the evaluation of the IP match. Schoox gets the user's IP address and checks it against Units' IP addresses with the IPset of a third-party library. If the user and the IP address of a Unit match, the user is granted access to the course.
Check #3: If a User fails the IPs-matching and belongs to Units where the course has Limited Access using the Physical Address option set up, then SchooX performs Location-matching.
- SchooX gets User Coordinates (Latitude and Longitude and Accuracy) by HTML 5 Geolocation. HTML5 Geolocation is the industry standard and a robust method for obtaining Coordinates with high Accuracy.
- The user must have set up the browser to allow location sharing, otherwise, the HTML5 Geolocation fails. The user is prompt by the browser to allow location sharing with SchooX.
- If the user selects ‘Don’t Allow’, Location-matching fails and the User is denied access to the Course.
- If the user selects ‘Allow Location Access’, then the HTML 5 Geolocation is applied successfully.
Check #4: SchooX tries to get User Coordinates by HTML 5 Geolocation with High Accuracy enabled.
- If this fails, then SchooX tries to get User Coordinates by HTML5 Geolocation with High Accuracy disabled.
- If both HTML5 Geolocation attempts fail, then the User is denied access to the course.
Check #5: If SchooX successfully gets a set of Coordinates, then it calculates the distance between the user’s Coordinates and the Unit’s Coordinates. Distance is calculated via the Haversine formula.
- If the distance is smaller than [250m + the provided Coordinates Accuracy], then the user is granted access to the course. To ensure a valid result, [250m + provided Coordinates Accuracy] must not exceed 2000m, as accuracy is an order of magnitude greater than the distance of 250m.
- If [250m + the provided Coordinates Accuracy] is greater than 2000m, then the maximum allowed distance is set to 2000m.
- User should provide device-level permission to access location data
- Check→Settings->Schoox app→Permissions→Location is enabled
- Log out and log back into the Schoox app
- Physical address signal (GPS) should be accurate enough to determine user’s location before allowing access to the course
- Open Google Maps (or preferred map app) and press the locate button to ensure the device has the latest correct location
- If the signal isn’t accurate enough, access will be blocked (e.g. Desktop + Ethernet connection)
- For IPv6 we can aggregate all devices in a local network. (Special format input)
- If you have set up the IP Address check:
To troubleshoot the IP Address location restriction, open an IP website and verify that the IP is in your device. Once you do so, verify that this is the exact same IP as the one that is connected to the unit.
- If you have set up the Physical Address check:
Please navigate to the HTML Geolocation API website and select try it. The provided pointer must be very close to the unit coordinates or the user will not be able to access the course.