I'm on a fixed IP and entering that IP in Exceptions field means it works fine for me as super-admin.
Interestingly:
1. If I set the IP range for their provider in the exceptions field and clear their browser cache, they get access for a day or so.
2. When I went back to the exceptions list, it was slightly different from what I had entered
I'm also getting users blocked trying to login on the front of the Joomla site. Renaming /admintools/main.php also gives them access.
I'm also hitting problems with the Stripe account, but I'm guessing that is a need to set WAF exceptions.
At the moment the site is running with admintools disabled.
I welcome your advice.
Terry