# IP-Based Access Control

### Overview <a href="#overview" id="overview"></a>

IP-based access control lets organizations **allow or block user access** based on specific IP addresses or IP ranges.\
This feature helps protect organizational resources by restricting access to trusted networks and preventing unauthorized connections.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you are new to IP-based access control, start by understanding the policy modes and preparing the IP addresses or ranges you want to manage.

***

### Purpose <a href="#purpose" id="purpose"></a>

IP-based access control is designed to:

* Restrict access to trusted IP addresses or networks
* Block access from untrusted or suspicious IP ranges
* Enhance security for internal systems and administrative access
* Support compliance and security best practices

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before configuring IP-based access control, ensure that:

* You have administrator or security management permissions.
* You know the public IP addresses or IP ranges to allow or block.
* You understand the impact of access restrictions on users and integrations.
* You have at least one trusted IP available to avoid accidental lockout.

***

### Policy Modes <a href="#policy-modes" id="policy-modes"></a>

#### Whitelist (Allow) <a href="#whitelist-allow" id="whitelist-allow"></a>

Only users connecting from the specified IP addresses or IP ranges are allowed to access the organization.\
All other IP addresses are denied by default.

**Use this mode when:**

* Access should be limited to trusted corporate networks
* Protecting admin or internal-only systems

***

#### Blacklist (Deny) <a href="#blacklist-deny" id="blacklist-deny"></a>

Users connecting from the specified IP addresses or IP ranges are denied access to the organization.\
All other IP addresses are allowed.

**Use this mode when:**

* Blocking known malicious or untrusted IPs
* Restricting access from specific locations or networks

***

### Supported IP Formats <a href="#supported-ip-formats" id="supported-ip-formats"></a>

You can specify IP addresses or ranges using the following formats:

* **Single IP address**\
  `192.168.1.1`
* **Wildcard format**\
  `192.168.1.*`
* **IP range**\
  `10.0.1.1 – 10.0.1.10`
* **CIDR notation**\
  `192.168.1.0/24`

Multiple IPs or ranges can be entered and separated by commas.

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

Follow the steps below to configure IP-based access control.

***

### Step-by-Step: Configure IP-Based Access Control <a href="#step-by-step-configure-ip-based-access-control" id="step-by-step-configure-ip-based-access-control"></a>

#### Step 1: Open IP Access Control Settings <a href="#step-1-open-ip-access-control-settings" id="step-1-open-ip-access-control-settings"></a>

* Sign in as an administrator: [Oten Admin | Security Policy & User management](https://admin.oten.live/)
* Open **Profile Account** → **Admin**.
* The **Admin** welcome page opens.
* In the menu, select **Security Policy** → **Access Security**.
* Click the **Create access security** button.

***

#### Step 2: Enter Basic Information <a href="#step-2-enter-basic-information" id="step-2-enter-basic-information"></a>

Under **Basic info**, provide the following:

* **Access security code**\
  A unique identifier used to reference this policy.
* **Access security name**\
  A descriptive name to help identify the policy.
* **Description** (optional)\
  Details about the purpose or scope of the policy.

***

#### Step 3: Select Policy Mode <a href="#step-3-select-policy-mode" id="step-3-select-policy-mode"></a>

Choose how access should be controlled:

* **Whitelist (Allow)**
* **Blacklist (Deny)**

***

#### Step 4: Add IP Ranges <a href="#step-4-add-ip-ranges" id="step-4-add-ip-ranges"></a>

* Select **Add condition** and choose **IP Allowlist**.
* Enter one or more IP addresses or IP ranges using the supported formats.
* Review the entered IPs for accuracy.

***

#### Step 5: Review and Create Policy <a href="#step-5-review-and-create-policy" id="step-5-review-and-create-policy"></a>

1. Review all settings and IP ranges.
2. Confirm that at least one trusted IP is allowed if using Whitelist mode.
3. Select **Create access security** to activate the policy.
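
The check in item 2, together with the entry formats from **Supported IP Formats**, can be rehearsed offline before the policy is activated. The following is an added example, not Oten's code: the function names are hypothetical, and it assumes IPv4, inclusive ranges, and wildcards that only replace trailing octets. The sample addresses are constructed from documentation ranges.

```python
import ipaddress

def parse_entry(entry):
    """Turn one entry (single IP, wildcard, range or CIDR) into a list of networks."""
    e = entry.strip()
    if "/" in e:                                  # CIDR notation
        return [ipaddress.ip_network(e, strict=False)]
    if "*" in e:                                  # wildcard (assumed: trailing octets only)
        octets = e.split(".")
        fixed = octets.index("*")
        if len(octets) != 4 or any(o != "*" for o in octets[fixed:]):
            raise ValueError(f"unsupported wildcard: {entry!r}")
        base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
        return [ipaddress.ip_network(f"{base}/{8 * fixed}")]
    for dash in ("–", "-"):                       # range, written with an en dash or a hyphen
        if dash in e:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in e.split(dash))
            return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(e)]              # single address becomes a /32

def parse_policy(text):
    """Parse comma-separated entries into one flat list of networks."""
    return [n for part in text.split(",") if part.strip() for n in parse_entry(part)]

def is_allowed(client_ip, mode, networks):
    """Apply the Whitelist/Blacklist semantics described under Policy Modes."""
    if mode not in ("whitelist", "blacklist"):
        raise ValueError(f"unknown mode: {mode!r}")
    listed = any(ipaddress.ip_address(client_ip) in n for n in networks)
    return listed if mode == "whitelist" else not listed

def lockout_risks(mode, networks, must_keep_access):
    """Return the addresses in must_keep_access that the policy would deny."""
    return [ip for ip in must_keep_access if not is_allowed(ip, mode, networks)]

# Constructed sample: one entry per supported format.
SAMPLE = "203.0.113.10, 198.51.100.*, 192.0.2.1 – 192.0.2.10, 203.0.113.128/25"

if __name__ == "__main__":
    nets = parse_policy(SAMPLE)
    admins = ["203.0.113.10", "203.0.113.11"]     # constructed admin egress IPs
    print("would be locked out:", lockout_risks("whitelist", nets, admins))
```

An empty result from `lockout_risks` for every administrator and integration egress address is the condition to meet before selecting **Create access security** in Whitelist mode.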

***

### Result <a href="#result" id="result"></a>

Access to the organization is now allowed or blocked based on the configured IP policy.

***

### Important Notes <a href="#important-notes" id="important-notes"></a>

* IP-based access rules take effect immediately after activation.
* In Whitelist mode, any IP not explicitly listed is denied.
* In Blacklist mode, only listed IPs are denied.
* Incorrect configuration may block legitimate users or integrations.

***

### Security Recommendations <a href="#security-recommendations" id="security-recommendations"></a>

* Use Whitelist mode for sensitive or admin-only access.
* Keep IP policies documented and up to date.
* Review IP rules regularly and remove unused entries.
* Combine IP-based access control with MFA for stronger security.

***

### Summary <a href="#summary" id="summary"></a>

* IP-based access control restricts access using IP addresses or ranges.
* Two policy modes are supported: **Whitelist (Allow)** and **Blacklist (Deny)**.
* **Multiple IP formats** are supported for flexibility.
* Proper configuration helps prevent **unauthorized access**.

