Skip to main content

Using PassFort

IP whitelisting

For security and audit purposes, you may want to limit who can access your institution's PassFort account.

When you enable whitelisting, only requests coming from an IP address that's on your authorized list will be able to log into your account's portal and make calls to your API.

Note that to ensure we can support you, select members of PassFort staff will always have access to your account. Contact us at support@passfort.com to learn more.

To perform actions in the IP whitelisting area (e.g. enable/disable whitelisting, add/remove IP addresses), you need at least Read-only access for any User management role and Read and write access for the IP whitelist role.

If you're using SSO, you should only use PassFort's whitelist feature. If you use Okta's whitelist feature as well, both whitelists will apply for SSO logins and unexpected behavior may occur.

Configure IP addresses

Whitelisting is disabled by default.

While it's disabled, you can add, remove, or edit IP addresses. When you're ready, you can enable whitelisting with a click.

Please be sure to add your own IP address to the list before you enable whitelisting, or you'll be locked out of your account.

If you find yourself locked out of your account, contact support@passfort.com and we'll help you regain access.

Add an IP address

  1. Log into the Portal and go to User Management > IP whitelisting.

    IP whitelisting empty_tab
  2. Click Add IP addresses. The Add IP addresses or ranges dialog is displayed.

    Add IP addresses or ranges_dialog
  3. In the Add IP addresses field, type the addresses and/or ranges you'd like to add to your whitelist. Separate multiple addresses and ranges with a comma.

  4. Optionally, use the Description field to give the IP addresses and ranges a description. If you choose not to add a description, the description next to the address will be blank.

  5. Click Add. The addresses and ranges are added.

    IP whitelisting notification5

Tip

PassFort supports classless inter-domain routing (CIDR) notation.

Edit an IP address description

  1. Log into the Portal and go to User Management > IP whitelisting.

    Disabled whitelist notification4
  2. Click the Edit Pencil icon_no border button next to the address or range description you'd like to edit.

    The Edit IP address dialog is displayed.

    Edit IP address_modal
  3. Modify the description.

  4. Click Save. The new description is displayed for the IP address or range.

    IP whitelisting_tab

Remove an IP address

  1. Log into the Portal and go to User Management > IP whitelisting.

    IP Whitelisting_tab
  2. Click the Remove Bin icon button next to the IP address or range you'd like to remove.

    A confirmation dialog is displayed.

    Remove IP address_modal
  3. Click Remove from the whitelist. The IP address or range is removed.

    Disabled whitelisting notification3

Enable whitelisting

  1. Log into the portal and go to User Management > IP whitelisting. When whitelisting is disabled, a notification is displayed at the top of the page.

    Disabled whitelisting notification2
  2. Ensure you've added your own IP address to the whitelist. Otherwise, when you enable whitelisting you'll no longer have access to your PassFort account.

  3. If you're using SSO, ensure that you don't have Okta's whitelisting feature enabled. Otherwise, both the Okta whitelist and the PassFort whitelist will apply for SSO logins and unexpected behavior may occur.

  4. Click Enable IP whitelist. A confirmation dialog is displayed.

    Enable whitelisting_modal
  5. Click Enable IP whitelist. Only requests coming from an IP address that's on your authorized list will be able to log into your account's portal and make calls to your API.

    Once you've enabled whitelisting, any user logging in from an unauthorized IP address will see these errors:

    • Portal: You can't sign in from this IP address.Contact your administrator.

      Portal error_IP whitelisting
    • API: 403 Forbidden. You can't access PassFort from this IP address.

      API error_IP whitelisting

If you find yourself locked out of your account, contact support@passfort.com and we'll help you regain access.

Disable IP whitelisting

  1. Log into the Portal and go to User Management> IP whitelisting.

    IP whitelisting_tab
  2. Click Disable IP whitelist. A confirmation dialog is displayed.

    Disable IP whitelist_modal
  3. Click Disable IP whitelist. A notification is displayed at the top of the IP whitelisting page to say that whitelisting is now disabled. Users from any IP address will be able to log into the Portal or make requests to your API.

    Disabled whitelisting notification