Add IP addresses to an IP list, then use the IP list in a Conditional Access Policy. For example, you could create an IP list with all of the IP addresses used in your office. Then you can use the IP list in a policy that requires users to authenticate with MFA when they access a resource from an IP address that isn’t on the list.
Navigating IP Lists in the Admin Portal
From the IP Lists list view and configuration modal, you can create and manage lists of IP addresses.
IP Lists List View
To find the IP lists list view:
- Log in to the Admin Portal.
- Go to SECURITY MANAGEMENT > Conditional Lists.
From the list view, you can create and delete IP Lists.
- Learn more about Managing IP Lists.
IP Lists Configuration Modal
To find the new IP list configuration modal:
- Log in to the Admin Portal.
- Go to SECURITY MANAGEMENT > Conditional Lists.
- Click ( + ).
The new IP List modal is where you create a list of IP addresses to use with a Conditional Access Policy. Enter a List Name, a description if you’d like, and IP addresses.
For IP addresses, you can enter them using a combination of any of the following methods:
- Individually on separate lines:
192.0.2.10
2001:DB8::/32
- Enter a range with a hyphen (-): 198.51.100.0 - 198.51.100.255
- Enter a range with CIDR notation: 198.51.100.0/24
Find out more about Creating IP Lists.
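The following is an added example, not part of the original documentation or the product's own code: a local Python pre-check that parses the three entry formats above and tests whether a client address is on the list, mirroring the "MFA when off the list" policy idea. The function names and the strict rejection of malformed entries are assumptions of this example; the Admin Portal's own parsing may differ.

```python
import ipaddress

# Constructed sample: the entry formats shown above, one per line.
SAMPLE = """192.0.2.10
2001:DB8::/32
198.51.100.0 - 198.51.100.255
198.51.100.0/24
"""

def parse_entry(entry):
    """Return the networks covered by one IP-list line (hypothetical helper)."""
    entry = entry.strip()
    if "/" in entry:
        # CIDR: strict=True rejects host bits, e.g. 198.51.100.7/24,
        # which is usually a typo for a narrower or different block.
        return [ipaddress.ip_network(entry, strict=True)]
    if "-" in entry:
        # Range: both ends must be the same IP version and in order.
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # Single address: store as a one-host network (/32 or /128).
    addr = ipaddress.ip_address(entry)
    return [ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}")]

def load_ip_list(text):
    """Parse every non-blank line; any malformed line raises ValueError."""
    nets = []
    for line in text.splitlines():
        if line.strip():
            nets.extend(parse_entry(line))
    return nets

def on_list(client_ip, nets):
    """True if client_ip falls inside any parsed entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in nets)

def mfa_required(client_ip, nets):
    """Assumed policy from the page's example: MFA when the IP is off-list."""
    return not on_list(client_ip, nets)

if __name__ == "__main__":
    office = load_ip_list(SAMPLE)
    for ip in ("198.51.100.77", "2001:db8::1", "203.0.113.5"):
        print(ip, "MFA required" if mfa_required(ip, office) else "on list")
```

Running a list through a check like this before saving it catches reversed ranges and CIDR entries with stray host bits, both of which can silently widen or narrow the set of addresses a policy treats as trusted.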
Using IP Lists with Conditional Access Policies
Use your IP lists in Conditional Access Policies to deny, restrict, or ease access to resources based on the network users are authenticating from.
To create a Conditional Access Policy with an IP List:
- Create an IP List.
- Learn how to Configure Conditional Access Policies.
If you’re not sure where to start, here are a few ideas for policies you can create with IP lists:
- Lock down access to resources with a policy that denies access when a user isn’t on the corporate private network or on a VPN.
- Add an extra layer of security with a policy that requires users to authenticate with MFA when they’re on a VPN.
- Relax user access to resources with a policy that doesn’t require MFA when a user is on a corporate private network.