Security
SOPHIE includes security features designed to protect your practice data and control who can access your workspace. This page covers IP restrictions, access requests, and data protection considerations.
IP Restrictions
IP restrictions let you limit access to SOPHIE based on network location. When enabled, team members can only log in from IP addresses you have approved. This is useful for practices that want to ensure SOPHIE is only accessed from the office network.
Why use IP restrictions?
Most dental practices access SOPHIE from the office. IP restrictions add a layer of protection by blocking access from unknown locations -- such as a stolen laptop on a coffee shop network or an unauthorized login attempt from another state.
Setting up IP restrictions
- Navigate to Settings > Security.
- Toggle IP Restriction to enabled.
- Click Add IP Address and enter the IP address or CIDR range for your office network.
- Repeat for any additional locations (satellite offices, remote sites).
- Click Save.
Once saved, any team member who tries to access SOPHIE from an IP address not on the list will be blocked.
Finding your office IP address
If you are not sure what your office IP address is, visit a site like whatismyip.com from a computer on your office network. The public IP address shown is the one you should add to the allowlist.
If your internet provider assigns a dynamic IP address that changes periodically, ask your provider about a static IP, or add a CIDR range that covers the addresses your provider is expected to assign. Keep that range as narrow as you can, because every address inside it will be allowed.
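To size a CIDR range for a dynamic office address, the following added example (not part of SOPHIE or its documentation) computes the smallest single block covering the addresses you have observed and reports how many addresses that block admits. The sample addresses are constructed from the 203.0.113.0/24 documentation range, the 64-address review threshold is an assumption, and `is_allowed` assumes standard CIDR containment rather than describing SOPHIE's own matching.

```python
import ipaddress

def covering_cidr(observed):
    """Return the smallest single CIDR block containing every observed address."""
    addrs = [ipaddress.ip_address(a) for a in observed]
    if not addrs:
        raise ValueError("no addresses observed")
    if len({a.version for a in addrs}) != 1:
        raise ValueError("mixed IPv4/IPv6: compute one range per family")
    lo, hi = min(addrs), max(addrs)
    net = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi not in net:  # widen by one prefix bit until the highest address fits
        net = net.supernet()
    return net

def review(observed, max_addresses=64):
    """Summarise the covering block; max_addresses is an assumed review threshold."""
    net = covering_cidr(observed)
    return {
        "cidr": str(net),
        "addresses": net.num_addresses,
        "too_broad": net.num_addresses > max_addresses,
    }

def is_allowed(client_ip, allowlist):
    """Standard CIDR containment check (assumption, not SOPHIE's code)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(entry, strict=False) for entry in allowlist)

if __name__ == "__main__":
    # Constructed samples: addresses an office might see from its provider over time.
    samples = (
        ["203.0.113.17", "203.0.113.42", "203.0.113.60"],
        ["203.0.113.127", "203.0.113.128"],  # neighbours that straddle a block boundary
    )
    for sample in samples:
        print(sample, "->", review(sample))
```

The second sample shows why the result needs a review before it goes on the allowlist: two adjacent addresses can force a block of 256, and every address in that block would be allowed, including ones your office has never used.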
Excluded users
Some team members may need to access SOPHIE from outside the office -- for example, an office manager working from home or a traveling consultant. Instead of disabling IP restrictions entirely, you can exclude specific users.
Excluded users can access SOPHIE from any IP address, even when IP restrictions are active for everyone else.
To exclude a user:
- Go to Settings > Security.
- In the Excluded Users section, search for the team member.
- Add them to the exclusion list.
Keep this list short. The more users you exclude, the less effective your IP restrictions become.
Access requests
When a team member is blocked by IP restrictions, they are not left stranded. SOPHIE shows them an IP Restricted page that explains why they cannot access the workspace and gives them an option to request access.
What the blocked user sees
- A message explaining that their current location is not on the approved list.
- Their detected IP address and geographic location.
- A Request Access button.
What happens when they request access
- The team member clicks Request Access and optionally adds a note explaining why they need access.
- SOPHIE sends an email notification to workspace administrators.
- The request appears in Settings > Security under the Access Requests section.
Reviewing access requests
As an administrator, you can review pending access requests in the Security settings:
- Navigate to Settings > Security.
- Scroll to the Access Requests section.
- Each request shows the user's name, email, IP address, location, and any note they included.
- If the request is legitimate, add their IP address to the allowlist or add the user to the excluded list.
- If the request is suspicious, no action is needed -- the user remains blocked.
Access requests help you stay informed about who is trying to reach your workspace and from where.
Data protection
SOPHIE is built with dental practice security requirements in mind.
Encryption
- All data is encrypted in transit using TLS.
- Data at rest is encrypted in the database.
- Authentication tokens are managed securely and refreshed automatically.
HIPAA considerations
While SOPHIE does not store patient health records directly, your SOPs may reference patient workflows, treatment protocols, and office procedures that relate to patient care. Security features like IP restrictions, role-based access, and audit logging help support your practice's HIPAA compliance program.
For a complete view of access controls, see:
- Workspace Settings -- General workspace configuration
- Roles and Permissions -- Role-based access control