It would be a good security enhancement if you could limit a user to only be able to log in if they are accessing via the IP address of the Jenkins instance.

By specifying the internal hostname and external hostname, the request could be identified and handled accordingly.

This would be especially useful if you wanted to make sure that no admin configurations could be changed from outside the network.