If Zendesk authentication is enabled, you can restrict access to Zendesk Support to users within a specific range of IP addresses. This means that users connecting from these IP addresses are the only users allowed to sign in to Support. For example, to restrict access to users in your company, specify the IP addresses of your company.
You can specify ranges of IP addresses, separating each range with a space. Two methods are available to specify a range. The first is to use asterisk (*) wildcards. An IP address consists of four numbers separated by periods, such as 192.168.0.1. You can substitute a single asterisk character (*) for any number group to let Zendesk know that it should accept any value in that space. For example, 192.*.*.* allows any IP address whose first number is 192.
The second way to specify an IP range is to use IP subnet mask syntax. For example, 192.168.1.0/25 specifies all the IP addresses between 192.168.1.0 and 192.168.1.127.
You cannot specify IP ranges where the CIDR (Classless Inter-Domain Routing) value is 0. For example, if you specify 10.0.0.0/0, the /0 is invalid.
- In Admin Center, click Account in the sidebar, then select Security > Advanced.
- On the IP Restrictions tab, select Enable IP restrictions, then
enter the Allowed IP Ranges you want to restrict. Note: Enabling IP-based access restrictions can break third-party integrations. Be sure to include all external IPs that need access to your account via the Zendesk API.
- (Optional) Select the Allow customers to bypass IP restrictions check
box.
This option ensures that your customers can access your help center regardless of their IP address, even if their IP address is not in the range of allowed IP addresses.
Agents and administrators cannot bypass IP address restrictions.
- Click Save.
17 comments
Sharon
Hi ZD Support,
I have multiple brands set up and would like to restrict access via IP addresses to 1 brand only. This is meant to allow only internal company employees to submit request. I know someone asked about this 4 years ago but curious if any further work was made on this? Or are there any current plans to add this capability?
Thanks,
Sharon
1
Remi
Hi Sharon,
Thank you for your message here.
I've been investigating this for you, unfortunately, I'm afraid there isn't a feature out of the box in Zendesk that will allow you to restrict IP's on a more granular level (such as brands).
However, I invite you to create a post about that for our product managers to review this possibility for the improvement of our products as your personal experience truly matters : Feedback on Support.
1
Marianne H
By using this article, our System administrator managed to accidentally block all 66 agents access. I am hoping that we gain access soon.
15 minutes
Still no access.
40 minutes and back in.
0
Devan La Spisa
Hello @...,
Sorry to hear you ran into this loss of access on your account. I looked into the ticket you opened up with our Advocacy team, and it appears this issue has been resolved. Let us know, however, if there is anything else we can do to assist.
Best regard.
0
Matthew Feczko
If we switch this on, and want to integrate with services that are on Amazon AWS, how would we enable those services to connect with our Zendesk instance? Since you can't whitelist all of Amazon AWS...
0
Josh
Hi Matthew!
Thank you for reaching out here.
I have checked this for you and understand where you are coming from but I wouldn't recommend enabling this if you are connecting Amazon AWS since you will really need to whitelist every IP address you only like to connect.
I can say it's still possible to enable and whitelist everything but it would consume huge amount of time.
Still, I invite you to create a post for our product managers to review this possibility for the improvement of our products as your personal experience is important: Feedback on Support
I'm sorry and have a good day!
Josh
-1
Yasmine
How do I ban a customer who keeps on spamming us? I need to ban via IP address as the customer keeps on using different email address.
0
Jupete Manitas
Thanks for writing in! We understand that you are getting spam tickets in your Zendesk. By any chance, did you try to check the ticket channel of the spam (Where do spam tickets come from?) and use this guide to prevent them from coming in into your Zendesk? You can use this guide for SPAM prevention tips: I was hit by a spam attack. What do I do now?. We hope this helps!
0
Yasmine
I need to ban a few ticket senders from sending us a ticket using their IP addresses. These people keep spamming our support system and an agent might unintentionally answer them.
0
Arianne Batiles
Hi Yasmine,
Unfortunately, it's not yet possible to ban users via IP address in support. There are customers who are requesting this feature as well here. You can up-vote that post and add your detailed use case to the conversation. Threads with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning.
Specific examples, details about impact, and how you currently handle things are the most helpful things to share to help our product teams understand the full scope of the need when working on solutions.
0
Scott Barber
We would love to see the ability to restrict individual agents by IP address or to exclude API calls from this restriction.
Context is that we want to enforce our agents being on a VPN before using the application however, we cannot add our VPN CIDR range because that would break Zapier integration since I cannot practically add the 1000+ CIDR ranges that Zapier uses (the entire AWS us-east-1 cohort of addresses) and maintain them and thus a good chunk of our external systems automation would break.
0
Walter
Hi Anton de Young,
Is there a limit to the number of IP addresses that can be added?
0
Ronie Ranoy
The limit is not with the number of IP Addresses but rather in the number of characters the "Allowed IP ranges" field can accommodate which is 16,777,215 characters.
0
Walter
Hi Ronie Ranoy,
So technically, it can support up to 798,915 IP addresses in CIDR format? I think that probably going to be sufficient. :)
0
Ronie Ranoy
Yes, and that is already a lot.
0
Tom Earl
Is there a way to allow/block regions? We are a US company with no ties to outside the US so there's no reason for a user to log a ticket or an agent to access ZD from outside the US so I'd rather just close that access.
0
Rajeswara Rao Devavarapu
Hello ZD team,
We have multiple brands set up and would like to restrict access via IP addresses to 1 brand only. Is this possible in Zendesk. Please confirm.
Thanks,
RajeswaraRao
0