Security & compliance
IP Whitelisting Guide
Follow these steps to restrict dashboard and API access to the networks you trust. This printable checklist keeps your compliance and IT teams aligned.
Plan Your Network Ranges
- Collect the public IP addresses for HQ, branches, VPN tunnels, and cloud desktops.
- Group addresses by environment (production, staging) so you can toggle them separately.
- Decide on a fallback network such as a VPN or secure bastion for emergency access.
- Coordinate with your IT team to ensure IPs stay static or are updated when providers change them.
Add IPs to the Dashboard
- Go to Settings → Security → IP Whitelisting.
- Click “Add range”, choose IPv4/IPv6, and enter single IPs (e.g., 196.190.10.24) or CIDR blocks (196.190.10.0/24).
- Label every entry so you know which office or VPN it refers to.
- Enable enforcement per environment. Most teams start with dashboard access before gating API calls.
Test & Monitor
- After enabling enforcement, have each team verify they can still log in or call APIs from allowed networks.
- Use the Activity Log to confirm that blocked attempts show the proper reason codes.
- Set up webhooks or email alerts for “IP not allowed” events to catch misconfigurations quickly.
- Pair IP whitelisting with RBAC so even allowed networks require role-appropriate permissions.
Maintain the List
- Quarterly: export the whitelist and validate every entry with IT to remove unused ranges.
- Immediately update the list when offices move or VPN providers rotate addresses.
- Document change management so auditors can trace who approved new IPs.
- If contractors need temporary access, add expiry notes and schedule reminders to remove them.
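The checks in this guide can be scripted against a planned or exported list before enforcement is switched on. The Python below is an added example, not part of the original guide or the product's tooling; the entry field names, the sample data and the minimum-prefix policy are assumptions.

```python
import ipaddress
from datetime import date

# Assumed policy: the shortest prefix accepted without extra review.
MIN_PREFIX = {4: 20, 6: 48}

# Constructed sample; field names are assumptions, not the product's export format.
ENTRIES = [
    {"label": "HQ office", "env": "production", "cidr": "196.190.10.0/24", "expires": None},
    {"label": "", "env": "production", "cidr": "196.190.10.24", "expires": None},
    {"label": "Branch LAN", "env": "staging", "cidr": "10.20.0.0/16", "expires": None},
    {"label": "Contractor", "env": "staging", "cidr": "196.190.44.8/29", "expires": "2024-03-31"},
    {"label": "ISP block", "env": "production", "cidr": "196.0.0.0/8", "expires": None},
]

def audit(entries, today):
    """Return a sorted list of (label-or-cidr, finding) for entries needing review."""
    findings = []
    parsed = [(e, ipaddress.ip_network(e["cidr"], strict=False)) for e in entries]
    for e, net in parsed:
        name = e["label"] or e["cidr"]
        if not e["label"]:
            findings.append((name, "missing label"))
        if not net.is_global:  # RFC 1918, CGNAT, etc. never match a public source IP
            findings.append((name, "not a public range"))
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((name, "range too broad"))
        if e["expires"] and date.fromisoformat(e["expires"]) < today:
            findings.append((name, "expired"))
        for other, onet in parsed:  # redundancy is judged per environment
            if (other is not e and other["env"] == e["env"]
                    and net.version == onet.version and net != onet and net.subnet_of(onet)):
                findings.append((name, "already covered by " + (other["label"] or other["cidr"])))
    return sorted(findings)

def allowed_by(entries, env, ip):
    """Labels of the entries in `env` that admit `ip`, e.g. to confirm the fallback network."""
    addr = ipaddress.ip_address(ip)
    return [e["label"] or e["cidr"] for e in entries
            if e["env"] == env and addr in ipaddress.ip_network(e["cidr"], strict=False)]

if __name__ == "__main__":
    for name, finding in audit(ENTRIES, date(2024, 6, 1)):
        print(f"{name}: {finding}")
    print("fallback in production:", allowed_by(ENTRIES, "production", "196.190.10.77"))
```

An empty result from `allowed_by` for the fallback address in an environment means enabling enforcement there would lock that network out.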
Helpful links
After locking down IPs, review the RBAC Guide and Security Overview to maintain a consistent control framework.