Skip to main content
IP allowlist lets you restrict access to your enterprise workspace and its apps so that only people on specific networks can sign in. This is useful if your team connects from a known office network or VPN and you want to block access from other locations. Requests from IP addresses that are not in the allowlist receive a 403 Forbidden response. When IP allowlist is enabled, all apps in the workspace are protected by the allowlist.
Important:
  • IP allowlist is only available for enterprise workspaces.
  • Only workspace owners and admins can view or change IP allowlist settings.
  • Blocked access covers:
    • Published apps (people using the app)
    • Apps in builder mode (development and editing)
  • Supported IP formats:
    • Single IP: 192.168.1.1
    • CIDR notation: 192.168.1.0/24
    • IP range: 192.168.1.10-192.168.1.20

Setting up an IP allowlist

  1. Go to your organization’s workspace dashboard.
  2. Click the Security and Auth tab.
  3. Scroll to the IP Allowlist section.
  4. Enable the IP Allowlist toggle.
  5. In the list, enter the IP addresses or ranges you want to allow.
  6. Click Add.
Adding IP allowlist in your workspace

Adding IP allowlist in your workspace

FAQs

Click a question below to learn more about using IP allowlist for your workspace.
If your public IP changes, you need to update the allowlist with the new IP. If your IP changes often, it is usually better to route access through a stable VPN endpoint or office network instead of adding individual home IPs.
No. IP allowlist adds a network-level restriction on top of your existing sign-in and SSO setup. People still need valid credentials to sign in, even if they connect from an allowed IP.
No. IP allowlist controls who can access your workspace and its apps. It does not block or filter outbound connections that your apps make to external services or APIs.