By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.
To only allow access from a set of network addresses for a specific user via console and API:
- Go to Users → Edit user → Advanced
- Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation
- The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope
- The inherited CIDRs will only display if the user has no Allowed CIDRs
- In the API, you can add a comma delimited list of addresses in CIDR format
To restrict access of more than one user at a time, set role and/or scope CIDRs.
Click here to show/hide screenshots of CIDRs for Roles and Scopes
Screenshot: Create a scope with Allowed CIDRs.
Screenshot: Create a role with Allowed CIDRs