From 2287bc202cccc77ba4a3d04b57888ed2c766d625 Mon Sep 17 00:00:00 2001 From: MikaelaMcGrath Date: Tue, 4 Jun 2024 01:03:55 +1000 Subject: [PATCH] Clarification on org owner IP allow lists and GitHub Apps (#50907) Co-authored-by: Sarah Edwards --- .../managing-allowed-ip-addresses-for-a-github-app.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md b/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md index 1c58eb6568..13295b4de5 100644 --- a/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md +++ b/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md @@ -15,10 +15,14 @@ redirect_from: Enterprise and organization owners can restrict access to assets by configuring an IP address allow list. This list specifies the IP addresses that are allowed to connect. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)." -When an organization has an allow list, third-party applications that connect via a {% data variables.product.prodname_github_app %} will be denied access unless both of the following are true: +When an organization has an allow list, third-party applications that connect via a {% data variables.product.prodname_github_app %} will be denied access unless either of the following condition sets are true: -- The creator of the {% data variables.product.prodname_github_app %} has configured an allow list for the application that specifies the IP addresses at which their application runs. See below for details of how to do this. -- The organization owner has chosen to permit the addresses in the {% data variables.product.prodname_github_app %}'s allow list to be added to their own allow list. For more information, see "[Managing allowed IP addresses for your organization](/{% ifversion fpt %}enterprise-cloud@latest/{% endif %}organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} +- The creator of the {% data variables.product.prodname_github_app %} has configured an allow list for the application that specifies the IP addresses at which their application runs. See below for details of how to do this, and +- The organization owner has chosen to permit the addresses in the {% data variables.product.prodname_github_app %}'s allow list to be added to their own allow list. For more information, see "[Managing allowed IP addresses for your organization](/{% ifversion fpt %}enterprise-cloud@latest/{% endif %}organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#allowing-access-by-github-apps){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} + +or + +- The organization owner has added an IP allow list entry for the IP addresses from which the application runs. See "[Adding an allowed IP address](/{% ifversion fpt %}enterprise-cloud@latest/{% endif %}organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#adding-an-allowed-ip-address){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} {% data reusables.apps.ip-allow-list-only-apps %}