🇪🇸 Español 🇬🇧 English 🇧🇷 Português

Restrict access by IP address (organization IP allowlist)

Lock down access to your organization to specific IP addresses or network blocks.

Jul 11, 2026

What it is

The IP allowlist restricts sign-in to your Omnifox organization to a specific set of IP addresses or network ranges — your office connection, a corporate VPN, and so on. If your team always works from fixed locations, this adds a strong extra layer of protection even if a password is ever compromised.

Requirements

  • Owner or Admin role (the settings.manage permission).
  • The public IP address(es) or CIDR block(s) your team connects from.

Steps

  1. Go to Settings > Security.
  2. Under IP Allowlist, type an IP address or block into the text field (IPv4, IPv6, or CIDR notation, e.g. 190.15.23.0/24).
  3. Click Add.
  4. Repeat for every IP or network you need to authorize.
  5. Click Save changes to apply the policy.

Configuration

  • Each entry can be a single IP (190.15.23.10) or a CIDR block (190.15.23.0/24).
  • The format is validated before saving — an invalid or duplicate entry shows an inline error.
  • Remove any entry individually with its delete button.

Example

Your office has a fixed IP 190.15.23.10, and your remote team exits through a VPN using the block 172.16.40.0/24. Add both entries and save — from that point on, only those two networks can reach the organization.

Tips

  • Before turning this on, add the IP you're currently working from first, so you don't lock yourself out.
  • If your team connects from dynamic IPs (home broadband, mobile data), consider relying on two-factor authentication instead, or use a broad CIDR block from your ISP.

Troubleshooting

  • You locked yourself out: ask another Owner/Admin with access to remove or fix the entry, or contact Omnifox support.
  • A teammate can't sign in: check that their current public IP is on the list — they can search "what is my IP" in their browser to confirm it.
Was this helpful?

Related articles