Yes, a public-facing platform can support users on mobile or dynamic networks when access control is designed at the application and identity layer. Instead of blocking the whole environment behind one infrastructure IP allowlist, the application can apply client-specific access policies using user, client, role, IP range, MFA, device trust and exception rules.<\/p>\n
Important:<\/strong> This is a design principle; implementation should be confirmed with the platform security team.<\/p>\n Public knowledge note:<\/strong> This article is intended as general education for verification, compliance, fraud prevention and responsible data-use discussions. It is not legal advice and should not replace your organisation’s own compliance review, regulator guidance, or contractual obligations.<\/p>","protected":false},"excerpt":{"rendered":" Answer Yes, a public-facing platform can support users on mobile or dynamic networks when access control is designed at the application and identity layer. Instead of blocking the whole environment behind one infrastructure IP allowlist, the application can apply client-specific access policies using user, client, role, IP range, MFA, device trust and exception rules. Key points Some clients require fixed-IP access policies. Other users legitimately work from mobile, 3G, LTE, fibre or changing networks. Application-level policy can apply different rules to different clients. Infrastructure controls such as WAF and access restrictions remain useful for broad perimeter protection. What to do next Define the client’s access policy during onboarding. Use MFA and role-based access for higher-risk users. Log source IP and session context. Create approved exception workflows for users who cannot operate from fixed IPs. Important: This is a design principle; implementation should be confirmed with the platform security team. Public knowledge note: This article is intended as general education for verification, compliance, fraud prevention and responsible data-use discussions. It is not legal advice and should not replace your organisation’s own compliance review, regulator guidance, or contractual obligations.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_eb_attr":"","footnotes":""},"doc_category":[33],"doc_tag":[],"class_list":["post-3936","docs","type-docs","status-publish","hentry","doc_category-public-faqs"],"blocksy_meta":[],"year_month":"2026-06","word_count":187,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"KTO Digital Admin","author_nicename":"tsholo","author_url":"https:\/\/j-cred.co.za\/zh\/author\/tsholo\/"},"doc_category_info":[{"term_name":"Public FAQs","term_url":"https:\/\/j-cred.co.za\/zh\/docs-category\/public-faqs\/"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/docs\/3936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/comments?post=3936"}],"version-history":[{"count":0,"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/docs\/3936\/revisions"}],"wp:attachment":[{"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/media?parent=3936"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/doc_category?post=3936"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/j-cred.co.za\/zh\/wp-json\/wp\/v2\/doc_tag?post=3936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n