I am going to use a web-based erp system in my company. The problem is I don't want my staff to log in anywhere beside at their shop. Since the shop only uses a regular dsl with no static ip and it is too far away to setup a vpn, it will be hard to restrict access based only on ip. Can I install some kind of special cookie or certificate on their browser and use that to recognize access? Or is there a better way to do this?