jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 21:07:12 -05:00
Code Issues Projects Releases Wiki Activity

[Improvement]: Add a Note to Mention that IdP Connectivity (OIDC/SAML + SCIM) will not be Impacted when IP Allow List is enabled at the Enterprise Level (#56494)

Browse Source 
Co-authored-by: Vanessa <vgrl@github.com>
This commit is contained in:
Justin Alex
2025-07-14 12:51:08 +10:00
committed by GitHub
parent ba784129f8
commit 6467e89b70
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md
View File

@@ -23,6 +23,9 @@ redirect_from:
By default, authorized users can access your enterprise's resources from any IP address. You can restrict access to your enterprise's private resources by configuring a list that allows or denies access from specific IP addresses. {% data reusables.identity-and-permissions.ip-allow-lists-example-and-restrictions %}
> [!NOTE]
> If your enterprise uses {% data variables.product.prodname_emus %}, enabling the IP allow list does not restrict user provisioning actions performed through SAML/SCIM, OpenID Connect (OIDC) with Entra ID, or via REST API endpoints. For more information, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim).
If your enterprise uses {% data variables.product.prodname_emus %} with Microsoft Entra ID (previously known as Azure AD) and OIDC, you can choose whether to use {% data variables.product.company_short %}'s IP allow list feature or to use the allow list restrictions for your identity provider (IdP). If your enterprise does not use {% data variables.product.prodname_emus %} with Azure and OIDC, you can use {% data variables.product.company_short %}'s allow list feature.
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
@@ -56,8 +59,8 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security %}
1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list", select the **IP allow list configuration** dropdown menu and click **GitHub**.
1. Under "IP allow list", select **Enable IP allow list**.
1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list," select the **IP allow list configuration** dropdown menu and click **GitHub**.
1. Under "IP allow list," select **Enable IP allow list**.
1. Click **Save**.
### Adding an allowed IP address
@@ -119,7 +122,7 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security %}
1. Under "IP allow list", select the **IP allow list configuration** dropdown menu and click **Identity Provider**.
1. Under "IP allow list," select the **IP allow list configuration** dropdown menu and click **Identity Provider**.
1. Optionally, to allow installed {% data variables.product.company_short %} and {% data variables.product.prodname_oauth_apps %} to access your enterprise from any IP address, select **Skip IdP check for applications**.
1. Click **Save**.