Managing IP Access
Important:
Flexera One’s IP Access Control is a tool to improve security control and align with diverse network configurations and compliance requirements.
You can view and manage the IP Access Control List for your organization from the IP Access Control page (Administration > Identity Management > IP Access Control). On this page, you can perform the following tasks:
| • | Viewing the IP Access Control List |
| • | Adding IP Address Ranges to the IP Access Control List |
| • | Removing IP Address Ranges From the IP Access Control List |
When the IP Access Control List is empty and no IP address range has been defined, the list is disabled. There is no restriction on the connecting IP addresses. Users from any IP address can access the organization, if they have permission.
After the first IP address range is added to the IP Access Control List, the list is enabled and only the users who are connected from the IP addresses included in the IP Access Control List are able to access the organization. In the case when a connected user’s IP address is removed from the IP Access Control List, the user's access to the organization will be blocked immediately.
To prevent potentially locking yourself out, when you make changes to the IP Access Control List, the system will assess whether your own IP address will be included in the list after the change and will reject the change if your own IP address is going to be excluded from the list.
Important:If you are using Flexera Automation, you must allow access to the IP addresses for Flexera One services, as the Automation policies leverage Flexera One services, and Flexera One services themselves call out to other Flexera One services. See Source IP Address Filtering for a list of IP addresses.
Viewing the IP Access Control List
To view what IP addresses are included in the IP Access Control List, go to the IP Access Control page (Administration > Identity Management > IP Access Control). You will see a table containing all the defined IP address ranges.
Adding IP Address Ranges to the IP Access Control List
You can add IP address ranges to the IP Access Control List by using the IPv4 CIDR mask format.
Tip:To add a single IP address, use the CIDR notation /32; for example, “0.0.0.0/32”.
To add an IP address range to the IP Access Control List:
| 1. | Go to the IP Access Control page (Administration > Identity Management > IP Access Control). |
| 2. | Click Add IP Range. |
| 3. | Input Name and IPv4 Range. The IPv4 Range must be in the IPv4 CIDR mask format. If you want to add a single IP address, use the CIDR notation /32. |
| 4. | (Optional) If you want to add another IP address range, click Add Another Range, and input Name and IPv4 Range for the new range. Repeat this step if you want to add more IP address ranges. |
| 5. | Click Save. |
Removing IP Address Ranges From the IP Access Control List
You can remove IP address ranges from the IP Access Control List.
To remove an IP address range from the IP Access Control List:
| 1. | Go to the IP Access Control page (Administration > Identity Management > IP Access Control). |
| 2. | Find the IP address range that you want to remove. |
| 3. | Click the vertical ellipsis menu in that row and click Delete. |
| 4. | Confirm the deletion. |
To bulk remove multiple IP address ranges from the IP Access Control List:
| 1. | Go to the IP Access Control page (Administration > Identity Management > IP Access Control). |
| 2. | Select the checkboxes of the IP address ranges that you want to remove. |
| 3. | Click Delete. |
| 4. | Confirm the deletion. |
Note:If you delete all the defined IP address ranges, the IP Access Control List becomes empty and disabled, which means there is no restriction on the connecting IP addresses.