You can restrict end-user access to your Zendesk messaging channels by banning their IP address. When an IP address is banned from your Web Widget, iOS SDK, and Android SDK messaging channels, all end users from the banned address will be unable to conduct conversations with your AI or human agents.
This article includes the following sections:
Related articles:
Considerations when banning IP addresses from messaging channels
IP banning for messaging channels is available on all accounts that meet the feature requirements and is applied at the account level. That is, the ability to ban IP addresses is the same across all web and mobile messaging channels associated with your account.
You can specify individual IP addresses, or a range of IP addresses. See Restricting access to messaging channels by IP address.
Your account must meet the following requirements to Ban IP addresses in messaging channels:
- For most account types, IP banning is restricted to account administrators and billing administrators. However, Enterprise-level accounts can add IP address banning permission to custom roles.
- To ban IP addresses, or view banned IP addresses, from Agent Workspace, you must be displaying IP addresses in the Customer Context panel.
- By default, permission to ban IP addresses from messaging channels is not allowed for custom roles.
Currently, the following limitations apply to the Ban IP in messaging channels feature:
- Banning messaging channel access by IP address is only available for the Web Widget, iOS SDK, and Android SDK channels. It is not available for social or third-party messaging channels, or the Unity SDK channel.
- You can have up to 5,000 unique banned IP records. A unique ban IP record is an individual IP address or a range of IP addresses.
- It can take a few seconds for an IP ban to take effect. Although uncommon, an end user from a newly banned IP address may be able to initiate a new messaging conversation during that time.
IP address banning permissions for user roles
If you are on an Enterprise account, you can give agents permission to ban IP addresses.
Permission is granted at the role level; all agents assigned a role with permission to ban IP addresses will be able to perform this function.
By default:
- Light agent and contributor system roles have No access, meaning they can’t view, apply, or edit IP bans.
- Admins and Billing admins can add, view, edit, and delete IP bans.
- Agents in custom roles can only ban IP addresses if their role allows it.
To permit agents to ban IP addresses (Enterprise plans only)
- In Admin Center, click
People in the sidebar, then select Team > Roles. - Click the role you want to edit, or create a new custom role.
- Under People, find Ban IP addresses, select the permission
level you want to apply to the role:
- No access: Agents can’t view, apply, or edit IP bans.
- View only: Agents can access the Banned IP page, but can’t edit it or apply IP bans.
- View, add, edit, and delete: Agents can apply and remove IP bans, and can access the Banned IP page.
- Click Save.
Identifying banned IP addresses
If allowed for your user role, you can view and identify banned IP addresses in several places across Zendesk.
In Admin Center:
- The IP address is added to the Banned IP addresses page in Admin Center.
- The banning event appears in your account’s audit log.
In Agent Workspace:
- A label is added to the device information in the context panel.
The end-user experience
When an IP address has been banned, any end user from that IP address will be unable to communicate with your agents through the Web Widget or mobile channel.
| Conversation in progress when IP ban applied | New conversation after IP ban applied | |
|---|---|---|
| Description of behavior |
|
|
| Web Widget example |  |
 |
| Mobile SDK example |  |
 |