:warning: Role required: The features described in this guide require the Organisation Administrator role. If you do not have this role, contact your organisation's administrator.
IP Access Control allows you to restrict access to your organisation's applications based on the requester's IP address. You define Access Control Lists (ACLs), each containing a set of allowed IP address ranges in CIDR notation, and assign them to specific applications.
When an ACL is enabled and assigned to an application, only requests originating from the listed IP ranges are allowed. All other IPs are blocked.
Note: Each application can only have one ACL assigned at a time.
Navigation
Click on IP Access Control in the left sidebar or on the IP Access Control card on the home page.
The page lists all ACLs defined for your organisation:
| Column | Description |
|---|---|
| ACL Name | Name of the access control list |
| Description | Optional description |
| Enabled | Whether the ACL is currently active |
| Applications | Applications the ACL is assigned to |
Creating an ACL
-
Click New ACL +.
-
Fill in the Access Control Edition form:
Field Description Required ACL Name A unique name for this ACL Yes Enabled Toggle to activate or deactivate the ACL. A disabled ACL has no effect even if assigned to applications No (default: Enabled) Description Optional description to help identify the purpose of this ACL No CIDR List One or more IP ranges in CIDR notation, one per line (e.g. 192.168.1.0/24,10.0.0.0/8)Yes Applications Applications this ACL restricts. Use the shuttle to move applications from the available list (left) to the active list (right) No -
Click Apply to save.
CIDR format examples
| CIDR | Allows |
|---|---|
203.0.113.42/32 |
A single IP address |
192.168.1.0/24 |
All addresses from 192.168.1.0 to 192.168.1.255 |
10.0.0.0/8 |
All addresses from 10.0.0.0 to 10.255.255.255 |
If your organisation uses a corporate VPN, obtain the VPN egress IP range from your IT team and enter it here.
Editing an ACL
- Click Edit next to the desired ACL.
- Update fields as needed.
- Click Apply to save.
Enabling / Disabling an ACL
You can temporarily suspend an ACL without deleting it by toggling the Enabled switch in the edit form. A disabled ACL has no effect: assigned applications are accessible from any IP.
This is useful for temporarily opening access (e.g. during an incident or for a remote workshop) without permanently removing the IP restrictions.
Deleting an ACL
- Click Edit next to the ACL to delete.
- Click Delete (red button).
- Confirm the deletion.
Deleting an ACL removes it from all applications it was assigned to. Those applications immediately become accessible from any IP.
Assigning / Unassigning Applications
Each ACL can protect one or more applications. To update the application assignment:
- Click Edit next to the ACL.
- In the Applications shuttle, move applications to the right-hand list to protect them, or back to the left-hand list to remove protection.
- Click Apply.
Reminder: Each application can only be assigned to one ACL at a time. If you assign an application to a second ACL, it will automatically be removed from the first.
How It Works
- A user tries to access an application (e.g. opens the application URL).
- The Admin Center checks whether the application has an active ACL assigned.
- If yes, the user's IP address is checked against the CIDR list.
- If the IP matches, access proceeds. If it does not match, access is denied.
- If no ACL is assigned, or the ACL is disabled, all IPs are allowed.