Restricting access to your Zendesk using IP restrictions (Plus and Enterprise)

In the Plus and Enterprise versions of Zendesk, access to your Zendesk can be restricted to specific IP addresses. This means that users from these IP addresses are the only users allowed to log in to your Zendesk. This includes all users.

You can specify ranges of IP addresses, separating each range with a space. Two methods are available to specify a range. The first is to use asterisk (*) wildcards. An IP address consists of four numbers separated by periods, such as You can substitute a single asterisk character (*) for any number group to let Zendesk know that it should accept any value in that space. For example, 192.*.*.* allows any IP address whose first number is 192.

The second way to specify an IP range is to use IP subnet mask syntax. For example, specifies all the IP addresses between and

To set IP restrictions
  1. Click the Admin icon () in the sidebar, then select Security.
    Zendesk Classic: Select the Setting menu, then select Security.
  2. Select the Global tab.
    Zendesk Classic: Select the Access Restriction tab.
  3. In the IP Restrictions section, select Enabled, then enter the Allowed IP Ranges you want to restrict.
  4. Click Save.
Note: Enabling IP based access restrictions can break third party integrations. Be sure to include all external IPs that need access to your account via the Zendesk API.

Allowing customers to bypass the IP restrictions

If you would like your customers to still access your Zendesk outside the IP ranges, and only restrict agent access, select this option.

Allowing your agents to access your Zendesk via mobile apps

To allow your agents to access your Zendesk from native Zendesk apps (iPhone, iPad & Android) regardless of IP address, select this option.

Have more questions? Submit a request


  • Avatar

    Would be good if this could be specified as an IP and subnet mask pair or in CIDR format n.n.n.n/n

  • Avatar

    It would be great if there was a way to restrict IP addresses by role. We have agents that should not be able to login anywhere other than the office they are in, as opposed to our Tier 2 reps or managers who are authorized to work from home or when travelling. Is there anyway to do this?

  • Avatar
    Brandon K.

    Hello rmichel,

    There is currently no way to restrict IP rage specifically by role. This does seem like something that would align with our product vision and might be something good to get in with our current trend of security enhancements. I looked in our feature request forum but couldn't find an existing feature request for this functionality. If you could post an idea in that forum and got some other customers to vote for your idea we might be able to start working on introducing it into the product. You can create a new feature request idea by going here:

  • Avatar
    Pete Willis

    Is it possible to restrict zendesk forums by IP? So within an internal environment the forum are visible without having to login (I realise I can restrict them by role / organization at the moment). But when you are outside the IP range you need to login to view the forums?


  • Avatar
    Ben Rohrs

    @Pete: I believe you're asking for the ability to allow anonymous access to forums within an IP address range, but block anonymous users outside of this IP address range, correct? If so, unfortunately we don't currently have that functionality available as part of the IP restrictions feature.