Restricting access to Zendesk Support and your Help Center using IP restrictions (Enterprise)

Have more questions? Submit a request

19 Comments

  • Josh
    Comment actions Permalink

    Can you please add the ability to apply a name to each IP. When you have a few hundred it gets hard to know which to remove etc.

    5
  • Karen Stephen
    Comment actions Permalink

    I have multiple brands set up.  

    I would like to restrict access to one of the brands by IP.  

    Currently, it looks like it is only possible to set global IP restrictions. Are there plans to add that functionality?

    1
  • Ben Rohrs
    Comment actions Permalink

    @Karen: Unfortunately there isn't a way to do this currently, nor are there current plans to add this capability. Can you please explain a bit more why you'd like to do this?

    0
  • Karen Stephen
    Comment actions Permalink

    @Ben: We currently have 2 brands that we use for public assistance.  We'd like to create a third brand for prototype testing and gathering internal feedback - but we want to restrict that brand to our internal staff, only.  

    Restricting by IP would have let us do that easily, but now it looks like we would need to rely on security through obscurity, instead.  If you have a better suggestion, though, I'd love to hear it!

    0
  • Barbara
    Comment actions Permalink

    In my enterprise version of zendesk, the option referred to in Step 5 ( Agents can bypass IP restrictions using mobile apps) does not exist. 

    If I have the Mobile App enabled and IP Address restrictions enabled and configured, which takes precedence? Does the Mobile App trump the IP Address restrictions or the IP Address Restrictions trump the mobile app? My guess is that the IP Address restrictions trump the mobile app.

    1
  • Jessie Schutz
    Comment actions Permalink

    Hi Barbara! Welcome to the Community!

    I don't see that option in my own test instance, either. I'm going to look into this and see what I can figure out for you!

    0
  • Jessie Schutz
    Comment actions Permalink

    Hey Barbara! I'm so sorry for the delayed response here.

    I did some pretty extensive troubleshooting with a couple Tier 2 advocates and we haven't been able to figure out what's going on here. I'm going to go ahead and get a ticket started for you so our support team can take a look at this with you one-on-one! You'll be receiving an email from me shortly!

    0
  • Marty Whitby
    Comment actions Permalink

    If you enable IP restricted access, is it possible to whitelist users or roles (e.g. Administrators) so that they can access the system from any IP address?

    This was a feature with a CX platform that I previously worked with but I cannot see how this would be configured in Zendesk.

     

     

    1
  • Jessie Schutz
    Comment actions Permalink

    Hey Marty! 

    I'm not sure whether this is possible; I'm going to find someone who can answer your question!

    0
  • Jon Daniels
    Comment actions Permalink

    Hey Marty!

    There are no role exceptions for IP restrictions, these are universal for your account (which is why we advise caution when configuring)

    I agree that this would be a useful feature, so I recommend sharing your feedback here:

    Zendesk Product Feedback

    Thanks for the suggestion!

    0
  • Tom joni
    Comment actions Permalink

    Hi is this also possible for the Professional Plan ?
    If not, which possibility do i have to set up a restriction nevertheless ?

    0
  • Nicole - Community Manager
    Comment actions Permalink

    Hey Tom - 

    Restricting specific IP addresses from accessing your Zendesk is only available on Zendesk Support Enterprise. 

    0
  • Nick
    Comment actions Permalink

    Hi, there's just a single IP address we need to block. How would we set up our IP whitelist ranges to do accept all IP except one?

    -2
  • Hervin Centeno
    Comment actions Permalink

    Hi Nick!

     

    Thanks for reaching out. After digging into this specific function inquiry, unfortunately it appears that it is not possible to block a single IP address. IP restriction in regard to Zendesk access can only be configured to whitelist particular IP addresses. While a dedicated blacklist isn't currently on our roadmap, we do have some community posts championing the feature. These posts are voted on and help shape Zendesk's upcoming features, so if you would like to see it implemented I recommend you lend your voice in support. 

    0
  • Steve May
    Comment actions Permalink

    Hi,

    If I enable IP whitelisting, is the Help Center entirely unavailable (regardless of whether or not I am signed in)?

    I am hoping that users get a 503 error or similar if they are not in the office or on VPN. 

     

     

    -1
  • James Sanford
    Comment actions Permalink

    Hey Steve!

    If IP Restrictions are enabled and a user navigates to your Help Center from an IP that is not allowed they would see the following error page:

    If you'd like your Help Center to be accessible to your customers you can enable "Customers can bypass restrictions" to allow access outside of your IP ranges.

    1
  • Steve May
    Comment actions Permalink

    Great - thank you!

    0
  • Steve May
    Comment actions Permalink

    Hi, 

    I see that Barbara's question must predate the inability to bypass IP restrictions for agents...but the part of her question relating to the official Zendesk app remains a bit of a problem.

    I have switched to Enterprise and have used IP whitelisting on the Help Center, which is awesome.

    But now the mobile app requires VPN? This makes the mobile app far more useless. Notifications don't come through if offsite (unless you want your phone to be on VPN all the time, assuming the VPN doesn't time out after an hour or so). We'd have to fall back to relying on emails to agents in the field since the Zendesk app would almost certainly show "access revoked" most of the time.

    I feel like this restriction is great for desktops and browsers, but is weird for the Zendesk Support mobile app. It isn't very "mobile" if it's never connected... Am I missing something?

    Thanks for any tips.

    0
  • Patrick Bosmans
    Comment actions Permalink

    Hello Steve,

    I found the ticket where Barbara's request was handled.  It appears that this feature was removed because it caused a vulnerability with accounts that didn't appear to be inline with the intended security setting.

    To restrict desktop IP restrictions, but then allow any mobile login offered security concerns that we deemed to high of a risk when it came to the privacy and security of customer data.

    Our apologies if this limits your workflow in this regard.  If you would like to see this feature added back, I might suggest posting in our Product Feedback forum to see if other accounts also feel the same.  Our Dev team regularly goes through our forum looking for requested features and they may be willing to revisit this issue.

    0

Please sign in to leave a comment.

Powered by Zendesk