IP whitelisting

For security and audit purposes, you may want to limit who can access your institution's PassFort account. 

When you enable whitelisting, only requests coming from an IP address that's on your authorised list will be able to log into your account's Portal and make calls to your API.

Please note that to ensure we can support you, select members of PassFort staff will always have access to your account. Contact us at support@passfort.com to learn more.

To perform actions in the IP whitelisting area (e.g. enable/disable whitelisting, add/remove IP addresses), you need at least Read-only access for any User management role and Read and write access for the IP whitelist role.
If you're using SSO, you should only use PassFort's whitelist feature. If you use Okta's whitelist feature as well, both whitelists will apply for SSO logins and unexpected behaviour may occur.

Configure IP addresses

Whitelisting is disabled by default. 

While it's disabled, you can add, remove, or edit IP addresses. When you're ready, you can enable whitelisting with a click.

Please be sure to add your own IP address to the list before you enable whitelisting, or you'll be locked out of your account.

If you find yourself locked out of your account, contact support@passfort.com and we'll help you regain access.

Add an IP address

  1. Log into the Portal and go to User Management > IP whitelisting.
  2. Click Add IP addresses. The Add IP addresses or ranges dialog is displayed.
  3. In the Add IP addresses field, type the addresses and/or ranges you'd like to add to your whitelist. Separate multiple addresses and ranges with a comma.
  4. Optionally, use the Description field to give the IP addresses and ranges a description. If you choose not to add a description, the description next to the address will be blank.
  5. Click Add. The addresses and ranges are added.
PassFort supports classless inter-domain routing (CIDR) notation.

Edit an IP address description

  1. Log into the Portal and go to User Management > IP whitelisting.
  2. Click the Edit button next to the address or range description you'd like to edit. The Edit IP address dialog is displayed.
  3. Modify the description.
  4. Click Save. The new description is displayed for the IP address or range.

Remove an IP address

  1. Log into the Portal and go to User Management > IP whitelisting.
  2. Click the Remove button next to the IP address or range you'd like to remove. A confirmation dialog is displayed.
  3. Click Remove from the whitelist. The IP address or range is removed.

Enable whitelisting

  1. Log into the Portal and go to User Management > IP whitelisting. When whitelisting is disabled, a notification is displayed at the top of the page.
  2. Ensure you've added your own IP address to the whitelist. Otherwise, when you enable whitelisting you'll no longer have access to your PassFort account. 
  3. If you're using SSO, ensure that you don't have Okta's whitelisting feature enabled. Otherwise, both the Okta whitelist and the PassFort whitelist will apply for SSO logins and unexpected behaviour may occur.
  4. Click Enable IP whitelist. A confirmation dialog is displayed.
  5. Click Enable IP whitelist. Only requests coming from an IP address that's on your authorised list will be able to log into your account's Portal and make calls to your API.

Once you've enabled whitelisting, any user logging in from an unauthorised IP address will see these errors:

  • Portal: You can't sign in from this IP address. Please contact your administrator.
  • API: 403 Forbidden. You can't access PassFort from this IP address.
If you find yourself locked out of your account, contact support@passfort.com and we'll help you regain access.

Disable IP whitelisting

  1. Log into the Portal and go to User Management > IP whitelisting.
  2. Click Disable IP whitelist. A confirmation dialog is displayed.
  3. Click Disable IP whitelist. A notification is displayed at the top of the IP whitelisting page to say that whitelisting is now disabled. Users from any IP address will be able to log into the Portal or make requests to your API.


How did we do?


Powered by HelpDocs (opens in a new tab)