Skip to main content

Restrict Access by IP Range

By whitelisting specific IP addresses, you can restrict user access to your account and the workspaces under it, based on source IP. This helps prevent unauthorized user access from unapproved regions or systems.

Note

This security control should be considered an additional layer in your defense-in-depth strategy. It should not be considered a primary defense.

Prerequisites

  • You know which IPs your users will be accessing Alteryx Analytics Cloud (AAC) from.

  • You have direct access to your organization’s AAC account and have been assigned the Account Admin role.

Account Configuration

  1. Log into your AAC account.

  2. Go to Settings > Restrict Access by IP Range setting and select Edit.

  3. Select the Restrict Access by IP checkbox.

  4. Within the Whitelist IPs field, enter one or more IPs and/or CIDR ranges.

  5. Select Save.

Inputs are validated before the setting is persisted.

  • Only IPv4 is accepted.

  • Only RFC4632-compliant ranges are accepted.

  • 0 or more IPs and ranges can be entered, separated by a comma.

  • A range can be a single IP.

  • Whitespace is not accepted.

Example valid inputs:

  • 198.51.2.0

  • 198.51.2.0/24,198.51.5.0/4

If the Restrict Access by IP Range setting is enabled...

  • and the user's IP matches the IP whitelist, the user can still authenticate and existing sessions will be unaffected.

  • and the user's IP does not match the IP whitelist, the user will not be able to authenticate, and existing sessions will be terminated. This includes browser sessions, API sessions, and Designer Desktop Links.

If the Restrict Access by IP Range setting is not enabled (the input is null, or the Restrict Access by IP checkbox has not been selected), users can still authenticate, and existing sessions will be unaffected.