ClickHelp User Manual

IP Allowlist

Security policies often require that only users from a specific network should be able to access the portal, whereas connections for users belonging to other networks should be prohibited. A bright example is when the portal should only be accessible from office computers or via the office VPN server.

To handle this scenario, ClickHelp offers the IP Allowlist. It allows specifying a certain IP address or a range of IP addresses from which contributors can log in. This setting does not influence anonymous users and Power Readers.

IP Allowlist also takes into account the IP addresses of the intermediary services (such as proxy servers, load balancers, CDNs, etc.) when connection to the portal is made through them.

ClickHelp accepts IPv4, IPv6 addresses, and ranges specified using the CIDR notation.

Configuration

To configure the IP allowlist:

  1. Navigate to Settings → Administration → IP Allowlist.
  2. Select the Allow specific IPs only option.
  3. Specify the desired IP address or a range of IP addresses in the text box below. IP allowlist configuration page
    To specify several IP addresses or ranges, put each record on a separate line.
  4. Save the changes.

That's it! Now, when a Contributor user whose IP address is different from the specified one or is outside of the specified range tries to log in or access any contributor-facing screen, they will get an error message saying they don't have permission to access the resource. 

This is also applicable to API – when making an API call from a not-allowed IP address, the user will get a response with the 403 status code.