Skip to main content

Using Passfort

IP allow listing

For security and audit purposes, you may want to limit who can access your institution's Passfort account.

When you enable allow listing, only requests from an IP address on your authorized list can log into your account's portal and make calls to your API.

To ensure we can support you, selected members of Passfort staff will always have access to your account. Contact us at support@passfort.com to learn more.

To perform actions in the IP allow listing area, such as enabling or disabling allow listing and adding or removing IP addresses, you need at least Read-only access for any User management role and Read and write access for the IP allow list role.

If you're using SSO, you should only use Passfort's allow list feature. If you also use Okta's allow list feature, both allow lists will apply for SSO logins, and unexpected behavior may occur.

Configure IP addresses

Allow listing is disabled by default.

You can add, remove, or edit IP addresses while the allow list is disabled. Add your IP address to the list before you enable allow listing, or you'll be locked out of your account.

If you are locked out of your account, contact support@passfort.com, and we'll help you regain access.

Add an IP address

  1. Log into the portal and go to User Management > IP allow listing.

    IP allow listing tab with no IP addresses listed.
  2. Select Add IP addresses. The Add IP addresses or ranges dialog is displayed.

    Add IP addresses or ranges dialog.
  3. In the Add IP addresses field, type the addresses and/or ranges to add to your allow list. Separate multiple addresses and ranges with a comma.

  4. Optionally, use the Description field to give the IP addresses and ranges a description. If you choose not to add a description, the description next to the address will be blank.

  5. Select Add. The addresses and ranges are added.

    IP allow listing page showing notification that the list is disabled.

Tip

Passfort supports classless inter-domain routing (CIDR) notation.

Edit an IP address description

  1. Log into the portal and go to User Management > IP allow listing.

  2. Select the Edit Pencil icon_no border icon next to the address or range description you want to edit.

    The Edit IP address dialog is displayed.

    Edit IP address dialog
  3. Modify the description.

  4. Select Save. The new description is displayed for the IP address or range.

Remove an IP address

  1. Log into the portal and go to User Management > IP allow listing.

    IP allow listing page showing notification that the list is disabled.
  2. Select the Remove Bin icon icon next to the IP address or range you want to remove.

    A confirmation dialog is displayed.

    Remove IP address confirmation dialog.
  3. Select Remove from the allow list. The IP address or range is removed.

Enable allow listing

  1. Log into the portal and go to User Management > IP allow listing. When allow listing is disabled, a notification is displayed on the page.

    IP allow listing page showing notification that the list is disabled.
  2. Ensure you've added your own IP address to the allow list. Otherwise, when you enable allow listing, you'll no longer have access to your Passfort account.

  3. If you're using SSO, ensure you don't have Okta's allow listing feature enabled. Otherwise, both the Okta allow list and the Passfort allow list will apply for SSO logins, and unexpected behavior may occur.

  4. Select Enable IP allow list. A confirmation dialog is displayed.

    Enable IP allow list confirmation dialog.
  5. Select Enable IP allow list. Only requests from an IP address on your authorized list can log into your account's portal and make calls to your API.

    Once you've enabled allow listing, any user logging in from an unauthorized IP address will see these errors:

    • Portal: You can't sign in from this IP address. Contact your administrator.

    • API: 403 Forbidden. You can't access Passfort from this IP address.

If you are locked out of your account, contact support@passfort.com , and we'll help you regain access.

Disable IP allow listing

  1. Log into the portal and go to User Management > IP allow listing.

    IP allow listing page showing IP addresses that have been allowed to access Passfort.
  2. Select Disable IP allow list. A confirmation dialog is displayed.

    Disable IP allow list confirmation dialog
  3. Select Disable IP allow list. A notification is displayed on the page to say that allow listing is now disabled. Users from any IP address can log into the portal or make requests to your API.