Block IP addresses from accessing CyberArk Identity

This topic describes how to add an IP address or range in the Blocked IP Ranges page to block access to CyberArk Identity. In addition you can toggle access using the Disable or Enable options in the Actions menu. Select Disable to set the IP address or range to Inactive; thus allowing access to CyberArk Identity for the selected IP address or range. Select Enable to set the IP address or range back to Active; thus blocking access to CyberArk Identity for the selected IP address or range. This can be helpful if you want to toggle access temporarily without removing the IP range configuration.

To block an IP address or range

  1. Sign in to the Admin Portal.
  2. Go to Settings > Network > Blocked IP Ranges, then click Add.
  3. Enter a name to identify the configuration.
  4. Enter the IP address or range.
  5. Entering 11.222.33.44/5 means you are blocking the IP range of .44 to .49.

  6. Click OK.

The Status column in the Admin Portal indicates the IP range is Active.

To allow a blocked IP range access to CyberArk Identity

  1. In the Admin Portal, click Settings > Network > Blocked IP Ranges.
  2. Select the IP address or IP address ranges that you want to allow access to CyberArk Identity (you can select multiple IP ranges).

  3. Click Actions, then select Disable from the drop-down menu.

    The Status column in the Admin Portal indicates the IP range is Inactive.

    You can select Enable from the drop-down menu to set the IP range status back to Active.

    See the table below for a summary of the Disable/Enable Actions:

    Action

    Status

    Description

    Disable Inactive Selected IP range can access CyberArk Identity.
    Enable (default) Active Selected IP range can't access CyberArk Identity.
 

Define Secure Zones