Q: Can I whitelist IPs for Ideas?
A: Ideas is hosted on different servers from the parent Lifecycle instance. The Ideas servers do not support whitelist controls.
Q: With Ideas, is data encryption at rest supported?
A: No, it is not. There should never be any sensitive data on those forums anyway. It's just for people to say, "hey I want this to work that way", not for posting anything that could be sensitive or mission critical. If someone does that, you should take their computer away. ;)
Q: Does Ideas support SSO?
A: The security model for Ideas is extremely simple and does not interact with the Lifecycle security at all. So make sure people understand that they do not use their Lifecycle logins on Ideas.
Q: Well, then how do I control who can access it?
A: The public vs private setting lets you dictate what email address domains can be used when someone signs up. So you say only people with an @so-and-so.com email address can sign up, then if someone tries to sign up with a gmail account, it will not let them. And it has to be a legit email address because they will have to verify the email address before they can access.