Skip to main content
Skip table of contents

Manage the IP Allowlist

Overview

This feature provides enhanced security and efficiency by enabling Mend AppSec Platform organization administrators to easily manage access to the Mend organization using an intuitive IP Allowlist interface which supports Classless Inter-Domain Routing (CIDR).

  • Users will be blocked from logging in if their IP address is not on the IP Allowlist.

  • You can configure individual IP addresses (e.g., 192.168.0.0) or CIDR IP ranges (e.g., 192.168.0.0/24) in the IP Allowlist.

  • The IP Allowlist applies to both the UI and the API. 

Known Limitations

  • Although individual IP addresses configured in the Legacy SCA application’s whitelist will be applied and displayed in Mend AppSec Platform’s IP Allowlist, CIDR is not supported in the Legacy SCA application, meaning that IP ranges configured in the IP Allowlist will not show up in the Legacy SCA application’s whitelist.

Getting it done

Note: By default, only Organization Administrator users can configure the IP Allowlist.

  1. Click the cogwheel icon in the upper-right corner of the GUI and select Administration:

image-20250609-085545.png

  1. Select IP Allowlist from the Administration menu on the left:

    image-20250610-170126.png

  2. This will take you to the IP Allowlist configuration page:

    image-20250610-171326.png

The Allowlist Configuration Page

Add New IP Addresses/Ranges

  1. Click the +Add IP Address (image-20250609-093550.png) button at the upper-right corner to open the wizard for adding a single IPv4 address or a CIDR IP range to the table of allowed IP addresses/ranges.

    image-20250610-164050.png

    1. An /N or /NN at the end of an added IP address (e.g., /6 or /24) indicates it’s a CIDR IP range.
      Example: “192.168.0.0/24”.

    2. Inputted IP formats undergo automatic validation. Entries can only be saved after validation.
      The system also prevents duplicate entries from being created.

      image-20250610-164459.png

      Example: Invalid IP Format

  2. (Optional) It is recommended to provide a meaningful description to help identify the entry.

  3. Save the entry by clicking the Add IP Address (image-20250610-164828.png) button at the bottom-right.

  4. Enable/disable the IP Allowlist feature using the toggle at the top.
    Note that you can add entries when the toggle is disabled, allowing you to work on an exhaustive IP allowlist without risking blocking your users in the meantime.
    As long as the feature is disabled (image-20250610-170906.png), a corresponding indication will be displayed at the top:

    image-20250610-165903.png

    Once enabled (image-20250610-170951.png), the indication will change to:

    image-20250610-170613.png

Note: There must be at least one active IP entry when the allowlist feature is enabled.

Note: The Allowlist table contains an indication of the user’s own IP address as well as its existence in the allowlist table, to prevent users from accidentally blocking themselves from accessing the platform.

Edit/Disable/Delete Existing IP Addresses/Ranges

Individual entries can be edited, disabled or deleted using the Actions menu at the far right:

image-20250609-100725.png
image-20250610-165602.png

Note: The last active IP cannot be disabled or deleted while the allowlist feature is enabled.

Searching IP Addresses

You can search for a specific IP address, to determine if it’s included in the allowlist. IP ranges will be taken into consideration and indicated in the search results, if applicable.

image-20250610-172558.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close