You can restrict access to Zendesk Support to users within a specific range of IP addresses. This means that users from these IP addresses are the only users allowed to sign in to Support. You can also allow customers (but not agents and administrators) to bypass IP restrictions. IP restrictions apply to Zendesk and Zendesk mobile applications.
You can specify ranges of IP addresses, separating each range with a space. Two methods are available to specify a range. The first is to use asterisk (*) wildcards. An IP address consists of four numbers separated by periods, such as 192.168.0.1. You can substitute a single asterisk character (*) for any number group to let Zendesk know that it should accept any value in that space. For example, 192.*.*.* allows any IP address whose first number is 192.
The second way to specify an IP range is to use IP subnet mask syntax. For example, 192.168.1.0/25 specifies all the IP addresses between 192.168.1.0 and 192.168.1.127.
You cannot specify IP ranges where the CIDR (Classless Inter-Domain Routing) value is 0. For example if you specify, 10.0.0.0/0, the /0 is not valid.
- In Admin Center, click
Account in the sidebar, then select Security > Advanced. - On the IP Restrictions tab, select Enable IP restrictions, then
enter the Allowed IP Ranges you want to restrict. Note: Enabling IP based access restrictions can break third party integrations. Be sure to include all external IPs that need access to your account via the Zendesk API.
- (Optional) Select the Allow customers to bypass IP restrictions check
box.
This option ensures that you customers can access Support regardless of what their IP address is, even if their IP address is not in the range of allowed IP addresses.
Agents and administrators cannot bypass IP address restrictions.
- Click Save.
7 Comments
Hi ZD Support,
I have multiple brands set up and would like to restrict access via IP addresses to 1 brand only. This is meant to allow only internal company employees to submit request. I know someone asked about this 4 years ago but curious if any further work was made on this? Or are there any current plans to add this capability?
Thanks,
Sharon
Hi Sharon,
Thank you for your message here.
I've been investigating this for you, unfortunately, I'm afraid there isn't a feature out of the box in Zendesk that will allow you to restrict IP's on a more granular level (such as brands).
However, I invite you to create a post about that for our product managers to review this possibility for the improvement of our products as your personal experience truly matters : Feedback on Support.
By using this article, our System administrator managed to accidentally block all 66 agents access. I am hoping that we gain access soon.
15 minutes
Still no access.
40 minutes and back in.
Hello @...,
Sorry to hear you ran into this loss of access on your account. I looked into the ticket you opened up with our Advocacy team, and it appears this issue has been resolved. Let us know, however, if there is anything else we can do to assist.
Best regard.
If we switch this on, and want to integrate with services that are on Amazon AWS, how would we enable those services to connect with our Zendesk instance? Since you can't whitelist all of Amazon AWS...
Hi Matthew!
Thank you for reaching out here.
I have checked this for you and understand where you are coming from but I wouldn't recommend enabling this if you are connecting Amazon AWS since you will really need to whitelist every IP address you only like to connect.
I can say it's still possible to enable and whitelist everything but it would consume huge amount of time.
Still, I invite you to create a post for our product managers to review this possibility for the improvement of our products as your personal experience is important: Feedback on Support
I'm sorry and have a good day!
Josh
@... If the provider is using AWS, they should be able to assign Elastic IP addresses to their service. We use AWS Lambda almost exclusively for Playlist and had to implement Elastic IP because Cloudflare (used by Zendesk) was blocking certain IP addresses that were being "randomly" assigned to our backend. Some AWS IP addresses have a bad reputation, so we needed to ensure that our IP addresses are fixed. We now support IP restrictions, so it worked out well for us.
Please sign in to leave a comment.