Restrict a User to an IP Range

Administration Guide

As an option, you can restrict a user so that they can only login from a machine within a predefined IP address range. You can use this option to ensure that no one can use the user credentials outside of a corporate environment or to restrict access to a user to a certain machine. IP range restrictions are optional for human and API users.

To restrict a user to an IP range:

  1. From the Administration page, select the user you want to manage. To find the user, you can:
    • Find the user in the table using the Page controls.
    • Filter the list of users by one of the filter options provided (Role, Team, SAML type, Login Enabled, User Type).
    • Search for the user's name (first or last name) using the Search field.
    • Select the user from the Load User Details dropdown menu.
      Note: You can type the last name of the user to jump to that user, then press Enter to select the user.
  2. Click the user name or the Edit button to open the user for editing.
  3. If the user is a Human Login, set the Restrict Login IP to Yes.
  4. Enter the valid IP ranges in the Allowed IP Addresses text field. You can enter more than one address or address range, separated by commas. You can specify an address range using a wildcard (e.g. 74.0.0.*) or a range (e.g. 74.0.0.[0-99]). Note that wildcards are only valid in the last octet of the address; i.e., 74.0.*.* is not a valid range. Please provide an externally valid IP address, not a private IP address like 10.0.0.x.
  5. Click Save to apply the valid IP address ranges to the user.

Troubleshooting

If the IP range is set incorrectly, the user will not be able to log in. If you do not know the IP range for the user, you can use the Activity Log to see the IP address from which the user is attempting to log in, then grant access to that IP range.