Require 2FA and restrict panel access by IP

The Access settings in your account's Data & security tab let you tighten who can reach the panel and from where. You can require every member to turn on two-factor authentication, and you can limit panel access to specific IP addresses or networks, for example so printers can only be controlled from on-site. This guide covers both.

What you'll find here

• Requiring two-factor authentication
• Restricting panel access by IP
• What to block for unlisted IPs
• Keeping yourself from being locked out
• Exemptions and API keys
• Temporary access

Requiring two-factor authentication

Two-factor authentication (2FA) adds a second step to sign-in, so a password alone isn't enough to get into an account. By default each member decides whether to enable it. On the Enterprise plan you can make it mandatory for everyone.

1. Go to Settings → Data & security → Access settings.
2. In the Two-factor authentication card, turn on Require 2FA for all members.
3. Save.

From then on, any member without 2FA sees a lock screen prompting them to set it up before they can use the panel. The card shows how many of your members already have 2FA on, and how many will be prompted on their next visit.

Restricting panel access by IP

Panel IP restrictions limit where the SimplyPrint panel can be used from. Members connecting from an address you haven't allowed are blocked, in whole or in part, based on the rules you choose. A common use is to make sure printers can only be controlled from inside a school or workshop.

1. Go to Settings → Data & security → Access settings.
2. In the Panel IP restrictions card, enter your allowed IPs or ranges, separated by commas. You can use individual IPv4 or IPv6 addresses, or CIDR ranges like 10.0.0.0/24.
3. Optionally add a custom restriction message that blocked members will see, for example "You must be on-site to access the printers."
4. Choose what to block for unlisted IPs (see below).
5. Save.

Leave the allowed list empty to switch IP restrictions off.

What to block for unlisted IPs

You don't have to block everything, you choose how strict to be. When a member connects from an IP that isn't on your allowed list, you can block:

• Everything - no access at all.
• Printer page - they can't open the printers page.
• Printing - they can't start prints (but can still pause or cancel, unless you also block print actions).
• Print actions - cancel, pause, resume and skip-objects.
• Camera viewing - they can't see printer cameras.

Stricter options include the ones below them, so blocking the whole printer page also blocks printing from off-site.

Keeping yourself from being locked out

The card shows your current IP and whether it matches your allowed list, with an Add current IP button so you can include it in one click. If your own address isn't covered, you'll see a warning before you save.

Exemptions and API keys

• Group exemption - any user group can be marked Exempt from IP restrictions, so trusted roles keep working from anywhere. See User groups and permissions.
• API access - tick Also apply to API key access to extend the same rules to API keys. OAuth2 integrations are always exempt.

Temporary access

The same Access settings tab also holds the Temporary access default, which decides what happens to a timed member when their access expires. That's covered in its own guide: Give a member temporary access.

Related articles

• Managing your users: the Users page
• Give a member temporary access
• User groups and permissions
• Set up single sign-on (SSO)

Updated on: 16/06/2026