Looking to restrict access to your account to certain IP addresses? This guide will walk you through the process.
You will be required to have an understanding of IP addresses and IP ranges. If unsure, please get in touch with your IT provider or system administrator for details.
If you don't see the IP Restrictions option (as mentioned below), please ask the Owner of your account to perform these steps.
Before We Begin
- You will need to be logged in as the account administrator.
- Familiarise yourself with the different rule definitions:
- a) Allow - uses two-step verification, if it has been configured
- b) Allow (skip two-step verification) - allows login and bypasses two-step verification
- c) Allow (require two-step verification) - requires two-step verification process upon login
- d) Deny - users will be unable to login
- If you use the API, you are able to restrict access for the API to specific IP's. API access outside those ranges will be blocked.
- You should reconfigure the default rule if required - this is the setting which will apply to anyone who logs in from an IP which has not been set up in your rules. Please note that if you deny access to all IP's not included in the IP rules list, any users in the excluded IP's may become locked out.
- Please be aware that if the account being restricted is a sub-account in your Corporate account structure, users of the head / master account will still be able to access it - even if IP restrictions are in place.
- Open the Account area (⚙️ icon, at top right).
- Select Security from the sidebar.
- Click IP Restrictions.
- Click Add Rule to configure your - to either allow, or deny, access - as required.
Additional Security Measures
You can also enable two-factor authentication (2FA) if you wish.