Block IP addresses from accessing CyberArk Identity

This topic describes how to add an IP address or range in the Blocked IP Ranges page to block access to CyberArk Identity. In addition you can toggle access using the Disable/Enable options in the Actions menu. Select Disable to set the IP address or range to Inactive; thus allowing access to CyberArk Identity for the selected IP address or range. Select Enable to set the IP address or range back to Active; thus blocking access to CyberArk Identity for the selected IP address or range. This can be helpful if you want to toggle access temporarily without removing the IP range configuration.

To block an IP address or range

  1. Log in to the Admin Portal.
  2. Click Settings > Network > Blocked IP Ranges.
  3. Click the Add button.
  4. Enter a name to identify the configuration.
  5. Enter the IP address or range.
  6. Entering 11.222.33.44/5 means you are blocking the IP range of .44 to .49.

  7. Click OK.

The Status column in the Admin Portal indicates the IP range is Active.

To allow a blocked IP range access to CyberArk Identity

  1. In the Admin Portal, click Settings > Network > Blocked IP Ranges.
  2. Select the IP address or IP address ranges that you want to allow access to CyberArk Identity (you can select multiple IP ranges).

  3. Click Actions, then select Disable from the drop-down menu.

    The Status column in the Admin Portal indicates the IP range is Inactive.

    You can select Enable from the drop-down menu to set the IP range status back to Active.

    See the table below for a summary of the Disable/Enable Actions:

    Action

    Status

    Description

    Disable Inactive Selected IP range can access CyberArk Identity.
    Enable (default) Active Selected IP range can't access CyberArk Identity.
 

Set Corporate IP ranges