Configure IP Restrictions
Table of Contents
Use the IP Allow List to prevent Syncro account access from any device not listed below. You can enter individual IPv4/IPv6 addresses or CIDR ranges (e.g., 192.0.2.0/24).
Syncro recommends enabling the IP Allow List for both Users and APIs. Note that the API restriction applies to all calls, including those from third-party integrations.
Watch this short video to learn more:
Create Your IP Allow List
- Navigate to Admin > Employees - IP Allow List.
- To disable the IP Allow List for Users and/or APIs, click the toggles to the On position. This will disable the feature(s).
- Use the Allowed IP Address List fields and the Add button to add all the public IP addresses of users and integrations connecting via our API (for which you have made API keys) to allow them access to Syncro:
Clicking Add will create a row in the table, sorted by the Name column by default.
IMPORTANT:
- Add the IP addresses of all Global Admins here. If you forget, Global Admins may be temporarily logged out until they receive the email described in Unauthorized Access. When they click Approve, their IP address will be added.
- If you're on a Team Plan and are using either Azure AD Sync or Database Backup, you must add 3.227.99.15 to your allowlist. (The IP addresses of Azure AD or the Database to which you are backing up do not need to be added.)
- If you're using PowerBI, you must allow API requests for the integration to work. Either toggle the “Diabled for APIs” On, or add the entirety of Azure's IP Ranges to your allowlist.
Unauthorized Access
If enabled for Users, any users on unlisted IPs will encounter this screen:
Additionally, Global Admins will receive an email notifying them of the attempt. This email includes an Approve button so you can easily add the blocked IP address to the IP Allowlist:
Whitelisting Integrations
Here are some commonly used vendors (and links to their IP resources) that you may want to add to your IP allowlist: