IP-Based access control

Overview

IP-based access control allows organizations to allow or block user access based on specific IP addresses or IP ranges. This feature helps protect organizational resources by restricting access to trusted networks and preventing unauthorized connections.

I am new. Where should I start?

If you are new to IP-based access control, start by understanding the policy modes and preparing the IP addresses or ranges you want to manage.

Purpose

IP-based access control is designed to:

  • Restrict access to trusted IP addresses or networks

  • Block access from untrusted or suspicious IP ranges

  • Enhance security for internal systems and administrative access

  • Support compliance and security best practices

Prerequisites

Before configuring IP-based access control, ensure that:

  • You have administrator or security management permissions.

  • You know the public IP addresses or IP ranges to allow or block.

  • You understand the impact of access restrictions on users and integrations.

  • You have at least one trusted IP available to avoid accidental lockout.

Policy Modes

Whitelist (Allow)

Only users connecting from the specified IP addresses or IP ranges are allowed to access the organization. All other IP addresses are denied by default.

Use this mode when:

  • Access should be limited to trusted corporate networks

  • Protecting admin or internal-only systems

Blacklist (Deny)

Users connecting from the specified IP addresses or IP ranges are denied access to the organization. All other IP addresses are allowed.

Use this mode when:

  • Blocking known malicious or untrusted IPs

  • Restricting access from specific locations or networks

Supported IP Formats

You can specify IP addresses or ranges using the following formats:

  • Single IP address 192.168.1.1

  • Wildcard format 192.168.1.*

  • IP range 10.0.1.1 – 10.0.1.10

  • CIDR notation 192.168.1.0/24

Multiple IPs or ranges can be entered and separated by commas.

I already understand. How do I proceed step by step?

Follow the steps below to configure IP-based access control.

Step-by-Step: Configure IP-Based Access Control

Step 1: Open IP Access Control Settings

Step 2: Enter Basic Information

Under Basic info, provide the following:

  • Access security code A unique identifier used to reference this policy.

  • Access security name A descriptive name to help identify the policy.

  • Description (optional) Details about the purpose or scope of the policy.

Step 3: Select Policy Mode

Choose how access should be controlled:

  • Whitelist (Allow)

  • Blacklist (Deny)

Step 4: Add IP Ranges

  • Select Add condition and choose IP Allowlist.

  • Enter one or more IP addresses or IP ranges using the supported formats.

  • Review the entered IPs for accuracy.

Step 5: Review and Create Policy

  1. Review all settings and IP ranges.

  2. Confirm that at least one trusted IP is allowed if using Whitelist mode.

  3. Select Create access security to activate the policy.

Result

Access to the organization is now allowed or blocked based on the configured IP policy.

Important Notes

  • IP-based access rules take effect immediately after activation.

  • In Whitelist mode, any IP not explicitly listed is denied.

  • In Blacklist mode, only listed IPs are denied.

  • Incorrect configuration may block legitimate users or integrations.

Security Recommendations

  • Use Whitelist mode for sensitive or admin-only access.

  • Keep IP policies documented and up to date.

  • Review IP rules regularly and remove unused entries.

  • Combine IP-based access control with MFA for stronger security.

Summary

  • IP-based access control restricts access using IP addresses or ranges.

  • Two policy modes are supported: Whitelist (Allow) and Blacklist (Deny).

  • Multiple IP formats are supported for flexibility.

  • Proper configuration helps prevent unauthorized access.

PreviousEnforced security policiesNextGeo-based access policies

Last updated