What is IP Whitelisting

Jellyfish includes IP Whitelisting as an additional access control layer applied during authentication.

This provides administrators with greater control over where users can access the platform from, enabling enforcement of network-level access policies alongside existing authentication mechanisms.

Administrators can configure individual IP addresses or IP ranges, allowing flexible policies that align with office networks, VPN endpoints, or other approved infrastructure.

Benefits of Using IP Whitelisting

• Reduce accidental logins from untrusted networks – helps prevent access from unintended or unauthorized locations.
• Supports compliance and policy enforcement – helps teams enforce internal access policies for sensitive environments.
• Quickly configurable – administrators can add or remove IP ranges in real time without affecting user credentials.
• Additional peace of mind – Provides an added layer of control against unintended or misconfigured access.

Considerations When Using IP Whitelisting

• IP whitelisting is not a foolproof security measure. IP addresses can be spoofed or masked in certain scenarios. 
• Best used in combination with existing authentication measures (e.g., MFA, certificates, password policies).
•  Works best for controlled or predictable network environments.

How Does IP Whitelisting Work?

When a user attempts to authenticate to Jellyfish, the platform evaluates the originating IP address of the request against the configured whitelist.

If the originating IP is not included in the whitelist, authentication is denied regardless of credential validity. If approved, authentication proceeds with standard credential validation.

Successful access therefore requires both:

• Valid user credentials, and
• An approved originating IP address.

How Do I Configure IP Whitelisting in Jellyfish?

IP Whitelisting can be configured by an administrator through the Jellyfish portal.

To enable and manage IP restrictions:

1.  Navigate to Configuration → Local Tenancy Configuration.
2. Locate the Login Settings section.
3. Locate the Restrict Login to IP Range sub-section.
4. Enter approved IPs or ranges, separated by commas or semicolons.
5. • Individual IP addresses are supported.
   • IP ranges, including CIDR notation, are also supported.
5. Submit the changes to apply the whitelist.

Once enabled, all authentication attempts for the tenancy will be evaluated against the configured IP whitelist. Administrators should ensure their current IP address is included before enabling enforcement to avoid unintended access restrictions.